From 677b8506a331f3585ff03f43eb6143a38d3d2781 Mon Sep 17 00:00:00 2001 From: Jason Boxman Date: Mon, 13 Mar 2023 23:36:44 -0400 Subject: [PATCH] Add OpenShift 4.13 REST APIs - https://issues.redhat.com/browse/OSDOCS-4866 --- _topic_maps/_topic_map.yml | 12 +- api-config.yaml | 16 +- ...sreview-authorization-openshift-io-v1.adoc | 5 +- ...sreview-authorization-openshift-io-v1.adoc | 5 +- ...sreview-authorization-openshift-io-v1.adoc | 5 +- ...sreview-authorization-openshift-io-v1.adoc | 5 +- ...sreview-authorization-openshift-io-v1.adoc | 5 +- ...sreview-authorization-openshift-io-v1.adoc | 5 +- ...utoscaler-autoscaling-openshift-io-v1.adoc | 2 +- ...orizontalpodautoscaler-autoscaling-v2.adoc | 6 +- ...authentication-config-openshift-io-v1.adoc | 2 +- .../build-config-openshift-io-v1.adoc | 49 + ...clusterversion-config-openshift-io-v1.adoc | 20 +- rest_api/config_apis/config-apis-index.adoc | 24 + ...igestmirrorset-config-openshift-io-v1.adoc | 651 ++++++++++ ...getagmirrorset-config-openshift-io-v1.adoc | 651 ++++++++++ ...infrastructure-config-openshift-io-v1.adoc | 381 ++++++ ...consoleplugin-console-openshift-io-v1.adoc | 2 +- ...rcedefinition-apiextensions-k8s-io-v1.adoc | 2 +- .../image-image-openshift-io-v1.adoc | 92 +- .../imagesignature-image-openshift-io-v1.adoc | 5 +- .../imagestream-image-openshift-io-v1.adoc | 21 +- ...magestreamimage-image-openshift-io-v1.adoc | 85 +- ...agestreamimport-image-openshift-io-v1.adoc | 1019 ++++++++++++++- ...agestreamlayers-image-openshift-io-v1.adoc | 6 +- ...gestreammapping-image-openshift-io-v1.adoc | 88 +- .../imagestreamtag-image-openshift-io-v1.adoc | 98 +- .../imagetag-image-openshift-io-v1.adoc | 98 +- .../secretlist-image-openshift-io-v1.adoc | 2 +- rest_api/index.adoc | 14 +- ...-machineconfiguration-openshift-io-v1.adoc | 11 +- ...equestcount-apiserver-openshift-io-v1.adoc | 10 +- ...alertmanager-monitoring-coreos-com-v1.adoc | 616 ++++++++- ...rconfig-monitoring-coreos-com-v1beta1.adoc | 114 +- .../podmonitor-monitoring-coreos-com-v1.adoc | 16 +- .../probe-monitoring-coreos-com-v1.adoc | 8 +- .../prometheus-monitoring-coreos-com-v1.adoc | 629 ++++++++- ...ometheusrule-monitoring-coreos-com-v1.adoc | 26 +- ...rvicemonitor-monitoring-coreos-com-v1.adoc | 38 +- .../thanosruler-monitoring-coreos-com-v1.adoc | 415 +++++- .../endpointslice-discovery-k8s-io-v1.adoc | 4 +- .../ingress-networking-k8s-io-v1.adoc | 131 +- .../networkpolicy-networking-k8s-io-v1.adoc | 16 +- ...tion-whereabouts-cni-cncf-io-v1alpha1.adoc | 4 + .../route-route-openshift-io-v1.adoc | 17 +- rest_api/node_apis/node-v1.adoc | 4 +- ...authaccesstoken-oauth-openshift-io-v1.adoc | 2 +- ...hauthorizetoken-oauth-openshift-io-v1.adoc | 2 +- .../oauthclient-oauth-openshift-io-v1.adoc | 2 +- ...ntauthorization-oauth-openshift-io-v1.adoc | 2 +- ...authaccesstoken-oauth-openshift-io-v1.adoc | 2 +- rest_api/objects/index.adoc | 770 ++++++----- ...mageregistry-operator-openshift-io-v1.adoc | 74 +- .../console-operator-openshift-io-v1.adoc | 59 +- ...mageregistry-operator-openshift-io-v1.adoc | 49 + ...sscontroller-operator-openshift-io-v1.adoc | 70 +- ...ghtsoperator-operator-openshift-io-v1.adoc | 4 + ...gsource-operators-coreos-com-v1alpha1.adoc | 10 +- ...version-operators-coreos-com-v1alpha1.adoc | 48 +- .../olmconfig-operators-coreos-com-v1.adoc | 6 +- ...atorcondition-operators-coreos-com-v2.adoc | 18 +- ...operatorgroup-operators-coreos-com-v1.adoc | 6 +- ...fest-packages-operators-coreos-com-v1.adoc | 52 +- .../poddisruptionbudget-policy-v1.adoc | 14 + .../project-project-openshift-io-v1.adoc | 13 +- ...rojectrequest-project-openshift-io-v1.adoc | 5 +- ...stfirmwaresettings-metal3-io-v1alpha1.adoc | 6 +- ...frastructure-cluster-x-k8s-io-v1beta1.adoc | 721 +++++++++++ ...frastructure-cluster-x-k8s-io-v1beta1.adoc | 793 ++++++++++++ ...eprovisioningimage-metal3-io-v1alpha1.adoc | 6 +- .../provisioning-apis-index.adoc | 22 + .../provisioning-metal3-io-v1alpha1.adoc | 4 + ...terrole-authorization-openshift-io-v1.adoc | 13 +- ...binding-authorization-openshift-io-v1.adoc | 11 +- .../role-authorization-openshift-io-v1.adoc | 13 +- ...binding-authorization-openshift-io-v1.adoc | 11 +- ...erresourcequota-quota-openshift-io-v1.adoc | 2 +- ...-flowcontrol-apiserver-k8s-io-v1beta1.adoc | 1135 ----------------- ...-flowcontrol-apiserver-k8s-io-v1beta1.adoc | 881 ------------- .../schedule-and-quota-apis-index.adoc | 8 +- ...policyreview-security-openshift-io-v1.adoc | 3 + ...ubjectreview-security-openshift-io-v1.adoc | 3 + ...ubjectreview-security-openshift-io-v1.adoc | 3 + ...geallocation-security-openshift-io-v1.adoc | 11 +- .../persistentvolume-v1.adoc | 36 +- .../persistentvolumeclaim-v1.adoc | 75 +- rest_api/storage_apis/storage-apis-index.adoc | 11 + ...lateinstance-template-openshift-io-v1.adoc | 11 +- rest_api/template_apis/podtemplate-v1.adoc | 382 +++++- .../template-template-openshift-io-v1.adoc | 16 +- ...lateinstance-template-openshift-io-v1.adoc | 21 +- .../group-user-openshift-io-v1.adoc | 2 +- .../identity-user-openshift-io-v1.adoc | 2 +- .../user-user-openshift-io-v1.adoc | 2 +- ...ridentitymapping-user-openshift-io-v1.adoc | 2 +- .../build-build-openshift-io-v1.adoc | 144 ++- .../buildconfig-build-openshift-io-v1.adoc | 141 +- .../buildrequest-build-openshift-io-v1.adoc | 8 +- ...deploymentconfig-apps-openshift-io-v1.adoc | 19 +- ...ntconfigrollback-apps-openshift-io-v1.adoc | 3 + ...eploymentrequest-apps-openshift-io-v1.adoc | 3 + rest_api/workloads_apis/pod-v1.adoc | 382 +++++- .../workloads_apis/replicaset-apps-v1.adoc | 2 +- .../replicationcontroller-v1.adoc | 384 +++++- .../workloads_apis/statefulset-apps-v1.adoc | 31 +- .../workloads_apis/workloads-apis-index.adoc | 11 - 106 files changed, 8984 insertions(+), 2993 deletions(-) create mode 100644 rest_api/config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc create mode 100644 rest_api/config_apis/imagetagmirrorset-config-openshift-io-v1.adoc create mode 100644 rest_api/provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc create mode 100644 rest_api/provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc rename rest_api/{workloads_apis => storage_apis}/persistentvolume-v1.adoc (97%) diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index d9dc9485b4..182326354b 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -2836,8 +2836,12 @@ Topics: File: helmchartrepository-helm-openshift-io-v1beta1 - Name: 'Image [config.openshift.io/v1]' File: image-config-openshift-io-v1 + - Name: 'ImageDigestMirrorSet [config.openshift.io/v1]' + File: imagedigestmirrorset-config-openshift-io-v1 - Name: 'ImageContentPolicy [config.openshift.io/v1]' File: imagecontentpolicy-config-openshift-io-v1 + - Name: 'ImageTagMirrorSet [config.openshift.io/v1]' + File: imagetagmirrorset-config-openshift-io-v1 - Name: 'Infrastructure [config.openshift.io/v1]' File: infrastructure-config-openshift-io-v1 - Name: 'Ingress [config.openshift.io/v1]' @@ -3160,6 +3164,10 @@ Topics: File: hardwaredata-metal3-io-v1alpha1 - Name: 'HostFirmwareSettings [metal3.io/v1alpha1]' File: hostfirmwaresettings-metal3-io-v1alpha1 + - Name: 'Metal3Remediation [infrastructure.cluster.x-k8s.io/v1beta1]' + File: metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1 + - Name: 'Metal3RemediationTemplate [infrastructure.cluster.x-k8s.io/v1beta1]' + File: metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1 - Name: 'PreprovisioningImage [metal3.io/v1alpha1]' File: preprovisioningimage-metal3-io-v1alpha1 - Name: 'Provisioning [metal3.io/v1alpha1]' @@ -3245,6 +3253,8 @@ Topics: File: csinode-storage-k8s-io-v1 - Name: 'CSIStorageCapacity [storage.k8s.io/v1]' File: csistoragecapacity-storage-k8s-io-v1 + - Name: 'PersistentVolume [undefined/v1]' + File: persistentvolume-v1 - Name: 'PersistentVolumeClaim [undefined/v1]' File: persistentvolumeclaim-v1 - Name: 'StorageClass [storage.k8s.io/v1]' @@ -3320,8 +3330,6 @@ Topics: File: pod-v1 - Name: 'ReplicationController [undefined/v1]' File: replicationcontroller-v1 - - Name: 'PersistentVolume [undefined/v1]' - File: persistentvolume-v1 - Name: 'ReplicaSet [apps/v1]' File: replicaset-apps-v1 - Name: 'StatefulSet [apps/v1]' diff --git a/api-config.yaml b/api-config.yaml index 6203b55765..56fa5e8d83 100644 --- a/api-config.yaml +++ b/api-config.yaml @@ -86,9 +86,15 @@ apiMap: - kind: Image group: config.openshift.io version: v1 + - kind: ImageDigestMirrorSet + group: config.openshift.io + version: v1 - kind: ImageContentPolicy group: config.openshift.io version: v1 + - kind: ImageTagMirrorSet + group: config.openshift.io + version: v1 - kind: Infrastructure group: config.openshift.io version: v1 @@ -515,6 +521,12 @@ apiMap: - kind: HostFirmwareSettings group: metal3.io version: v1alpha1 + - kind: Metal3Remediation + group: infrastructure.cluster.x-k8s.io + version: v1beta1 + - kind: Metal3RemediationTemplate + group: infrastructure.cluster.x-k8s.io + version: v1beta1 - kind: PreprovisioningImage group: metal3.io version: v1alpha1 @@ -617,6 +629,8 @@ apiMap: - kind: CSIStorageCapacity group: storage.k8s.io version: v1 + - kind: PersistentVolume + version: v1 - kind: PersistentVolumeClaim version: v1 - kind: StorageClass @@ -709,8 +723,6 @@ apiMap: version: v1 - kind: ReplicationController version: v1 - - kind: PersistentVolume - version: v1 - kind: ReplicaSet group: apps version: v1 diff --git a/rest_api/authorization_apis/localresourceaccessreview-authorization-openshift-io-v1.adoc b/rest_api/authorization_apis/localresourceaccessreview-authorization-openshift-io-v1.adoc index 8d3e57501b..cab672b4ce 100644 --- a/rest_api/authorization_apis/localresourceaccessreview-authorization-openshift-io-v1.adoc +++ b/rest_api/authorization_apis/localresourceaccessreview-authorization-openshift-io-v1.adoc @@ -41,7 +41,7 @@ Required:: | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | `content` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`RawExtension_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] | Content is the actual content of the request for create and update | `isNonResourceURL` @@ -111,6 +111,9 @@ The following API endpoints are available: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/authorization_apis/localsubjectaccessreview-authorization-openshift-io-v1.adoc b/rest_api/authorization_apis/localsubjectaccessreview-authorization-openshift-io-v1.adoc index 2818f2342e..a1f3479854 100644 --- a/rest_api/authorization_apis/localsubjectaccessreview-authorization-openshift-io-v1.adoc +++ b/rest_api/authorization_apis/localsubjectaccessreview-authorization-openshift-io-v1.adoc @@ -44,7 +44,7 @@ Required:: | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | `content` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`RawExtension_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] | Content is the actual content of the request for create and update | `groups` @@ -126,6 +126,9 @@ The following API endpoints are available: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/authorization_apis/resourceaccessreview-authorization-openshift-io-v1.adoc b/rest_api/authorization_apis/resourceaccessreview-authorization-openshift-io-v1.adoc index 9ddc485347..5b243fe6fc 100644 --- a/rest_api/authorization_apis/resourceaccessreview-authorization-openshift-io-v1.adoc +++ b/rest_api/authorization_apis/resourceaccessreview-authorization-openshift-io-v1.adoc @@ -41,7 +41,7 @@ Required:: | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | `content` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`RawExtension_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] | Content is the actual content of the request for create and update | `isNonResourceURL` @@ -103,6 +103,9 @@ The following API endpoints are available: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/authorization_apis/selfsubjectrulesreview-authorization-openshift-io-v1.adoc b/rest_api/authorization_apis/selfsubjectrulesreview-authorization-openshift-io-v1.adoc index ba5b4320cf..6ee790980d 100644 --- a/rest_api/authorization_apis/selfsubjectrulesreview-authorization-openshift-io-v1.adoc +++ b/rest_api/authorization_apis/selfsubjectrulesreview-authorization-openshift-io-v1.adoc @@ -140,7 +140,7 @@ Required:: | APIGroups is the name of the APIGroup that contains the resources. If this field is empty, then both kubernetes and origin API groups are assumed. That means that if an action is requested against one of the enumerated resources in either the kubernetes or the origin API group, the request will be allowed | `attributeRestrictions` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`RawExtension_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] | AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error. | `nonResourceURLs` @@ -190,6 +190,9 @@ The following API endpoints are available: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/authorization_apis/subjectaccessreview-authorization-openshift-io-v1.adoc b/rest_api/authorization_apis/subjectaccessreview-authorization-openshift-io-v1.adoc index e75d8250eb..4762c5df34 100644 --- a/rest_api/authorization_apis/subjectaccessreview-authorization-openshift-io-v1.adoc +++ b/rest_api/authorization_apis/subjectaccessreview-authorization-openshift-io-v1.adoc @@ -44,7 +44,7 @@ Required:: | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | `content` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`RawExtension_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] | Content is the actual content of the request for create and update | `groups` @@ -118,6 +118,9 @@ The following API endpoints are available: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/authorization_apis/subjectrulesreview-authorization-openshift-io-v1.adoc b/rest_api/authorization_apis/subjectrulesreview-authorization-openshift-io-v1.adoc index 55ff3572ad..fb7d1efe2c 100644 --- a/rest_api/authorization_apis/subjectrulesreview-authorization-openshift-io-v1.adoc +++ b/rest_api/authorization_apis/subjectrulesreview-authorization-openshift-io-v1.adoc @@ -150,7 +150,7 @@ Required:: | APIGroups is the name of the APIGroup that contains the resources. If this field is empty, then both kubernetes and origin API groups are assumed. That means that if an action is requested against one of the enumerated resources in either the kubernetes or the origin API group, the request will be allowed | `attributeRestrictions` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`RawExtension_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] | AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error. | `nonResourceURLs` @@ -200,6 +200,9 @@ The following API endpoints are available: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc b/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc index 20bcc301b8..65417e608a 100644 --- a/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc +++ b/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc @@ -216,7 +216,7 @@ Required:: | `type` | `string` -| +| The type of GPU to associate with the minimum and maximum limits. This value is used by the Cluster Autoscaler to identify Nodes that will have GPU capacity by searching for it as a label value on the Node objects. For example, Nodes that carry the label key `cluster-api/accelerator` with the label value being the same as the Type field will be counted towards the resource limits by the Cluster Autoscaler. |=== === .spec.resourceLimits.memory diff --git a/rest_api/autoscale_apis/horizontalpodautoscaler-autoscaling-v2.adoc b/rest_api/autoscale_apis/horizontalpodautoscaler-autoscaling-v2.adoc index 3741237805..7a68c367d3 100644 --- a/rest_api/autoscale_apis/horizontalpodautoscaler-autoscaling-v2.adoc +++ b/rest_api/autoscale_apis/horizontalpodautoscaler-autoscaling-v2.adoc @@ -559,7 +559,7 @@ Required:: | `kind` | `string` -| Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" +| Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `name` | `string` @@ -814,7 +814,7 @@ Required:: | `kind` | `string` -| Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" +| Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `name` | `string` @@ -1225,7 +1225,7 @@ Required:: | `kind` | `string` -| Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" +| Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `name` | `string` diff --git a/rest_api/config_apis/authentication-config-openshift-io-v1.adoc b/rest_api/config_apis/authentication-config-openshift-io-v1.adoc index 7d41af76c7..861fc4cf55 100644 --- a/rest_api/config_apis/authentication-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/authentication-config-openshift-io-v1.adoc @@ -72,7 +72,7 @@ Type:: | `serviceAccountIssuer` | `string` -| serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will result in the invalidation of all bound tokens with the previous issuer value. Unless the holder of a bound token has explicit support for a change in issuer, they will not request a new bound token until pod restart or until their existing token exceeds 80% of its duration. +| serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption. | `type` | `string` diff --git a/rest_api/config_apis/build-config-openshift-io-v1.adoc b/rest_api/config_apis/build-config-openshift-io-v1.adoc index d2de00c32b..581d82fad1 100644 --- a/rest_api/config_apis/build-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/build-config-openshift-io-v1.adoc @@ -543,6 +543,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -551,6 +561,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.buildDefaults.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.buildDefaults.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.buildOverrides Description:: diff --git a/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc b/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc index 7dd1f5ba22..da038d8d82 100644 --- a/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc @@ -82,7 +82,8 @@ Required:: | `desiredUpdate` | `object` -| desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. You may specify the version field without setting image if an update exists with that version in the availableUpdates or history. +| desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. + Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error. If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed. | `overrides` @@ -128,7 +129,8 @@ Type:: Description:: + -- -desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. You may specify the version field without setting image if an update exists with that version in the availableUpdates or history. +desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. + Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error. If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed. -- @@ -142,17 +144,21 @@ Type:: |=== | Property | Type | Description +| `architecture` +| `string` +| architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty. + | `force` | `boolean` | force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources. | `image` | `string` -| image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version. +| image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified. | `version` | `string` -| version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified. +| version is a semantic version identifying the update version. version is ignored if image is specified and required if architecture is specified. |=== === .spec.overrides @@ -454,7 +460,7 @@ Type:: | `version` | `string` -| version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified. +| version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified. |=== === .status.conditionalUpdates[].risks @@ -664,7 +670,7 @@ Type:: | `version` | `string` -| version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified. +| version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified. |=== === .status.history @@ -728,7 +734,7 @@ Required:: | `version` | `string` -| version is a semantic versioning identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty. +| version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty. |=== diff --git a/rest_api/config_apis/config-apis-index.adoc b/rest_api/config_apis/config-apis-index.adoc index a16245eddb..ae6ba5cb0f 100644 --- a/rest_api/config_apis/config-apis-index.adoc +++ b/rest_api/config_apis/config-apis-index.adoc @@ -125,6 +125,18 @@ Image governs policies related to imagestream imports and runtime configuration Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -- +Type:: + `object` + +== ImageDigestMirrorSet [config.openshift.io/v1] + +Description:: ++ +-- +ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +-- + Type:: `object` @@ -137,6 +149,18 @@ ImageContentPolicy holds cluster-wide information about how to handle registry m Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -- +Type:: + `object` + +== ImageTagMirrorSet [config.openshift.io/v1] + +Description:: ++ +-- +ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +-- + Type:: `object` diff --git a/rest_api/config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc b/rest_api/config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc new file mode 100644 index 0000000000..97ab8cff7d --- /dev/null +++ b/rest_api/config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc @@ -0,0 +1,651 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_content-type: ASSEMBLY +[id="imagedigestmirrorset-config-openshift-io-v1"] += ImageDigestMirrorSet [config.openshift.io/v1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +-- + +Type:: + `object` + +Required:: + - `spec` + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| spec holds user settable values for configuration + +| `status` +| `object` +| status contains the observed state of the resource. + +|=== +=== .spec +Description:: ++ +-- +spec holds user settable values for configuration +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `imageDigestMirrors` +| `array` +| imageDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using tag specification, users should configure a list of mirrors using "ImageTagMirrorSet" CRD. + If the image pull specification matches the repository of "source" in multiple imagedigestmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the "source", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. + If the "mirrors" is not specified, the image will continue to be pulled from the specified repository in the pull spec. + When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order. + +| `imageDigestMirrors[]` +| `object` +| ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config. + +|=== +=== .spec.imageDigestMirrors +Description:: ++ +-- +imageDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using tag specification, users should configure a list of mirrors using "ImageTagMirrorSet" CRD. + If the image pull specification matches the repository of "source" in multiple imagedigestmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the "source", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. + If the "mirrors" is not specified, the image will continue to be pulled from the specified repository in the pull spec. + When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order. +-- + +Type:: + `array` + + + + +=== .spec.imageDigestMirrors[] +Description:: ++ +-- +ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config. +-- + +Type:: + `object` + +Required:: + - `source` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `mirrorSourcePolicy` +| `string` +| mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list. + +| `mirrors` +| `array (string)` +| mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their digests. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy" Other cluster configuration, including (but not limited to) other imageDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. "mirrors" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table + +| `source` +| `string` +| source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. "source" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table + +|=== +=== .status +Description:: ++ +-- +status contains the observed state of the resource. +-- + +Type:: + `object` + + + + + +== API endpoints + +The following API endpoints are available: + +* `/apis/config.openshift.io/v1/imagedigestmirrorsets` +- `DELETE`: delete collection of ImageDigestMirrorSet +- `GET`: list objects of kind ImageDigestMirrorSet +- `POST`: create an ImageDigestMirrorSet +* `/apis/config.openshift.io/v1/imagedigestmirrorsets/{name}` +- `DELETE`: delete an ImageDigestMirrorSet +- `GET`: read the specified ImageDigestMirrorSet +- `PATCH`: partially update the specified ImageDigestMirrorSet +- `PUT`: replace the specified ImageDigestMirrorSet +* `/apis/config.openshift.io/v1/imagedigestmirrorsets/{name}/status` +- `GET`: read status of the specified ImageDigestMirrorSet +- `PATCH`: partially update status of the specified ImageDigestMirrorSet +- `PUT`: replace status of the specified ImageDigestMirrorSet + + +=== /apis/config.openshift.io/v1/imagedigestmirrorsets + + +.Global query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `pretty` +| `string` +| If 'true', then the output is pretty printed. +|=== + +HTTP method:: + `DELETE` + +Description:: + delete collection of ImageDigestMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `allowWatchBookmarks` +| `boolean` +| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. +| `continue` +| `string` +| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". + +This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. +| `fieldSelector` +| `string` +| A selector to restrict the list of returned objects by their fields. Defaults to everything. +| `labelSelector` +| `string` +| A selector to restrict the list of returned objects by their labels. Defaults to everything. +| `limit` +| `integer` +| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. + +The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `resourceVersionMatch` +| `string` +| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `timeoutSeconds` +| `integer` +| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. +| `watch` +| `boolean` +| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind ImageDigestMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `allowWatchBookmarks` +| `boolean` +| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. +| `continue` +| `string` +| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". + +This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. +| `fieldSelector` +| `string` +| A selector to restrict the list of returned objects by their fields. Defaults to everything. +| `labelSelector` +| `string` +| A selector to restrict the list of returned objects by their labels. Defaults to everything. +| `limit` +| `integer` +| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. + +The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `resourceVersionMatch` +| `string` +| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `timeoutSeconds` +| `integer` +| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. +| `watch` +| `boolean` +| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.openshift.config.v1.ImageDigestMirrorSetList[`ImageDigestMirrorSetList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create an ImageDigestMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[`ImageDigestMirrorSet`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[`ImageDigestMirrorSet`] schema +| 201 - Created +| xref:../config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[`ImageDigestMirrorSet`] schema +| 202 - Accepted +| xref:../config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[`ImageDigestMirrorSet`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/config.openshift.io/v1/imagedigestmirrorsets/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ImageDigestMirrorSet +|=== + +.Global query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `pretty` +| `string` +| If 'true', then the output is pretty printed. +|=== + +HTTP method:: + `DELETE` + +Description:: + delete an ImageDigestMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `gracePeriodSeconds` +| `integer` +| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. +| `orphanDependents` +| `boolean` +| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both. +| `propagationPolicy` +| `string` +| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified ImageDigestMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[`ImageDigestMirrorSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified ImageDigestMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[`ImageDigestMirrorSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified ImageDigestMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[`ImageDigestMirrorSet`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[`ImageDigestMirrorSet`] schema +| 201 - Created +| xref:../config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[`ImageDigestMirrorSet`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/config.openshift.io/v1/imagedigestmirrorsets/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ImageDigestMirrorSet +|=== + +.Global query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `pretty` +| `string` +| If 'true', then the output is pretty printed. +|=== + +HTTP method:: + `GET` + +Description:: + read status of the specified ImageDigestMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[`ImageDigestMirrorSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified ImageDigestMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[`ImageDigestMirrorSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified ImageDigestMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[`ImageDigestMirrorSet`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[`ImageDigestMirrorSet`] schema +| 201 - Created +| xref:../config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[`ImageDigestMirrorSet`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/config_apis/imagetagmirrorset-config-openshift-io-v1.adoc b/rest_api/config_apis/imagetagmirrorset-config-openshift-io-v1.adoc new file mode 100644 index 0000000000..4aea489631 --- /dev/null +++ b/rest_api/config_apis/imagetagmirrorset-config-openshift-io-v1.adoc @@ -0,0 +1,651 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_content-type: ASSEMBLY +[id="imagetagmirrorset-config-openshift-io-v1"] += ImageTagMirrorSet [config.openshift.io/v1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +-- + +Type:: + `object` + +Required:: + - `spec` + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| spec holds user settable values for configuration + +| `status` +| `object` +| status contains the observed state of the resource. + +|=== +=== .spec +Description:: ++ +-- +spec holds user settable values for configuration +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `imageTagMirrors` +| `array` +| imageTagMirrors allows images referenced by image tags in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageTagMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using digest specification only, users should configure a list of mirrors using "ImageDigestMirrorSet" CRD. + If the image pull specification matches the repository of "source" in multiple imagetagmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the "source", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. + If the "mirrors" is not specified, the image will continue to be pulled from the specified repository in the pull spec. + When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order. + +| `imageTagMirrors[]` +| `object` +| ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config. + +|=== +=== .spec.imageTagMirrors +Description:: ++ +-- +imageTagMirrors allows images referenced by image tags in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageTagMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using digest specification only, users should configure a list of mirrors using "ImageDigestMirrorSet" CRD. + If the image pull specification matches the repository of "source" in multiple imagetagmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the "source", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. + If the "mirrors" is not specified, the image will continue to be pulled from the specified repository in the pull spec. + When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order. +-- + +Type:: + `array` + + + + +=== .spec.imageTagMirrors[] +Description:: ++ +-- +ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config. +-- + +Type:: + `object` + +Required:: + - `source` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `mirrorSourcePolicy` +| `string` +| mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list. + +| `mirrors` +| `array (string)` +| mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their tags. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Configuring a list of mirrors using "ImageDigestMirrorSet" CRD and forcing digest-pulls for mirrors avoids that issue. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy". Other cluster configuration, including (but not limited to) other imageTagMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. "mirrors" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table + +| `source` +| `string` +| source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. "source" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table + +|=== +=== .status +Description:: ++ +-- +status contains the observed state of the resource. +-- + +Type:: + `object` + + + + + +== API endpoints + +The following API endpoints are available: + +* `/apis/config.openshift.io/v1/imagetagmirrorsets` +- `DELETE`: delete collection of ImageTagMirrorSet +- `GET`: list objects of kind ImageTagMirrorSet +- `POST`: create an ImageTagMirrorSet +* `/apis/config.openshift.io/v1/imagetagmirrorsets/{name}` +- `DELETE`: delete an ImageTagMirrorSet +- `GET`: read the specified ImageTagMirrorSet +- `PATCH`: partially update the specified ImageTagMirrorSet +- `PUT`: replace the specified ImageTagMirrorSet +* `/apis/config.openshift.io/v1/imagetagmirrorsets/{name}/status` +- `GET`: read status of the specified ImageTagMirrorSet +- `PATCH`: partially update status of the specified ImageTagMirrorSet +- `PUT`: replace status of the specified ImageTagMirrorSet + + +=== /apis/config.openshift.io/v1/imagetagmirrorsets + + +.Global query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `pretty` +| `string` +| If 'true', then the output is pretty printed. +|=== + +HTTP method:: + `DELETE` + +Description:: + delete collection of ImageTagMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `allowWatchBookmarks` +| `boolean` +| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. +| `continue` +| `string` +| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". + +This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. +| `fieldSelector` +| `string` +| A selector to restrict the list of returned objects by their fields. Defaults to everything. +| `labelSelector` +| `string` +| A selector to restrict the list of returned objects by their labels. Defaults to everything. +| `limit` +| `integer` +| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. + +The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `resourceVersionMatch` +| `string` +| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `timeoutSeconds` +| `integer` +| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. +| `watch` +| `boolean` +| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind ImageTagMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `allowWatchBookmarks` +| `boolean` +| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. +| `continue` +| `string` +| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". + +This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. +| `fieldSelector` +| `string` +| A selector to restrict the list of returned objects by their fields. Defaults to everything. +| `labelSelector` +| `string` +| A selector to restrict the list of returned objects by their labels. Defaults to everything. +| `limit` +| `integer` +| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. + +The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `resourceVersionMatch` +| `string` +| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `timeoutSeconds` +| `integer` +| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. +| `watch` +| `boolean` +| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.openshift.config.v1.ImageTagMirrorSetList[`ImageTagMirrorSetList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create an ImageTagMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[`ImageTagMirrorSet`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[`ImageTagMirrorSet`] schema +| 201 - Created +| xref:../config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[`ImageTagMirrorSet`] schema +| 202 - Accepted +| xref:../config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[`ImageTagMirrorSet`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/config.openshift.io/v1/imagetagmirrorsets/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ImageTagMirrorSet +|=== + +.Global query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `pretty` +| `string` +| If 'true', then the output is pretty printed. +|=== + +HTTP method:: + `DELETE` + +Description:: + delete an ImageTagMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `gracePeriodSeconds` +| `integer` +| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. +| `orphanDependents` +| `boolean` +| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both. +| `propagationPolicy` +| `string` +| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified ImageTagMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[`ImageTagMirrorSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified ImageTagMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[`ImageTagMirrorSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified ImageTagMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[`ImageTagMirrorSet`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[`ImageTagMirrorSet`] schema +| 201 - Created +| xref:../config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[`ImageTagMirrorSet`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/config.openshift.io/v1/imagetagmirrorsets/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ImageTagMirrorSet +|=== + +.Global query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `pretty` +| `string` +| If 'true', then the output is pretty printed. +|=== + +HTTP method:: + `GET` + +Description:: + read status of the specified ImageTagMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[`ImageTagMirrorSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified ImageTagMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[`ImageTagMirrorSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified ImageTagMirrorSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[`ImageTagMirrorSet`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[`ImageTagMirrorSet`] schema +| 201 - Created +| xref:../config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[`ImageTagMirrorSet`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc b/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc index 9424eb6214..c5740eb583 100644 --- a/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc @@ -140,6 +140,10 @@ Type:: | `object` | EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. +| `external` +| `object` +| ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately. + | `gcp` | `object` | GCP contains settings specific to the Google Cloud Platform infrastructure provider. @@ -294,6 +298,55 @@ Type:: +=== .spec.platformSpec.external +Description:: ++ +-- +ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `cloudControllerManager` +| `object` +| CloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI) + +| `platformName` +| `string` +| PlatformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. This field is solely for informational and reporting purposes and is not expected to be used for decision-making. + +|=== +=== .spec.platformSpec.external.cloudControllerManager +Description:: ++ +-- +CloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI) +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `state` +| `string` +| state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager + When set to "External", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to "None", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected. + +|=== === .spec.platformSpec.gcp Description:: + @@ -573,6 +626,267 @@ Type:: +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `failureDomains` +| `array` +| failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used. + +| `failureDomains[]` +| `object` +| VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain. + +| `nodeNetworking` +| `object` +| nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found. + +| `vcenters` +| `array` +| vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported. --- + +| `vcenters[]` +| `object` +| VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM. + +|=== +=== .spec.platformSpec.vsphere.failureDomains +Description:: ++ +-- +failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used. +-- + +Type:: + `array` + + + + +=== .spec.platformSpec.vsphere.failureDomains[] +Description:: ++ +-- +VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain. +-- + +Type:: + `object` + +Required:: + - `name` + - `region` + - `server` + - `topology` + - `zone` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name defines the arbitrary but unique name of a failure domain. + +| `region` +| `string` +| region defines the name of a region tag that will be attached to a vCenter datacenter. The tag category in vCenter must be named openshift-region. + +| `server` +| `string` +| server is the fully-qualified domain name or the IP address of the vCenter server. --- + +| `topology` +| `object` +| Topology describes a given failure domain using vSphere constructs + +| `zone` +| `string` +| zone defines the name of a zone tag that will be attached to a vCenter cluster. The tag category in vCenter must be named openshift-zone. + +|=== +=== .spec.platformSpec.vsphere.failureDomains[].topology +Description:: ++ +-- +Topology describes a given failure domain using vSphere constructs +-- + +Type:: + `object` + +Required:: + - `computeCluster` + - `datacenter` + - `datastore` + - `networks` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `computeCluster` +| `string` +| computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form //host/. The maximum length of the path is 2048 characters. + +| `datacenter` +| `string` +| datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters. + +| `datastore` +| `string` +| datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form //datastore/ The maximum length of the path is 2048 characters. + +| `folder` +| `string` +| folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form //vm/. The maximum length of the path is 2048 characters. + +| `networks` +| `array (string)` +| networks is the list of port group network names within this failure domain. Currently, we only support a single interface per RHCOS virtual machine. The available networks (port groups) can be listed using `govc ls 'network/*'` The single interface should be the absolute path of the form //network/. + +| `resourcePool` +| `string` +| resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form //host//Resources/. The maximum length of the path is 2048 characters. + +|=== +=== .spec.platformSpec.vsphere.nodeNetworking +Description:: ++ +-- +nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `external` +| `object` +| external represents the network configuration of the node that is externally routable. + +| `internal` +| `object` +| internal represents the network configuration of the node that is routable only within the cluster. + +|=== +=== .spec.platformSpec.vsphere.nodeNetworking.external +Description:: ++ +-- +external represents the network configuration of the node that is externally routable. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `excludeNetworkSubnetCidr` +| `array (string)` +| excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. --- + +| `network` +| `string` +| network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'` + +| `networkSubnetCidr` +| `array (string)` +| networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. --- + +|=== +=== .spec.platformSpec.vsphere.nodeNetworking.internal +Description:: ++ +-- +internal represents the network configuration of the node that is routable only within the cluster. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `excludeNetworkSubnetCidr` +| `array (string)` +| excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. --- + +| `network` +| `string` +| network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'` + +| `networkSubnetCidr` +| `array (string)` +| networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. --- + +|=== +=== .spec.platformSpec.vsphere.vcenters +Description:: ++ +-- +vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported. --- +-- + +Type:: + `array` + + + + +=== .spec.platformSpec.vsphere.vcenters[] +Description:: ++ +-- +VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM. +-- + +Type:: + `object` + +Required:: + - `datacenters` + - `server` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `datacenters` +| `array (string)` +| The vCenter Datacenters in which the RHCOS vm guests are located. This field will be used by the Cloud Controller Manager. Each datacenter listed here should be used within a topology. + +| `port` +| `integer` +| port is the TCP port that will be used to communicate to the vCenter endpoint. When omitted, this means the user has no opinion and it is up to the platform to choose a sensible default, which is subject to change over time. + +| `server` +| `string` +| server is the fully-qualified domain name or the IP address of the vCenter server. --- + +|=== === .status Description:: + @@ -661,6 +975,10 @@ Type:: | `object` | EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. +| `external` +| `object` +| External contains settings specific to the generic External infrastructure provider. + | `gcp` | `object` | GCP contains settings specific to the Google Cloud Platform infrastructure provider. @@ -929,6 +1247,56 @@ Type:: | `string` | resourceGroupName is the Resource Group for new Azure resources created for the cluster. +| `resourceTags` +| `array` +| resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration. + +| `resourceTags[]` +| `object` +| AzureResourceTag is a tag to apply to Azure resources created for the cluster. + +|=== +=== .status.platformStatus.azure.resourceTags +Description:: ++ +-- +resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration. +-- + +Type:: + `array` + + + + +=== .status.platformStatus.azure.resourceTags[] +Description:: ++ +-- +AzureResourceTag is a tag to apply to Azure resources created for the cluster. +-- + +Type:: + `object` + +Required:: + - `key` + - `value` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`. + +| `value` +| `string` +| value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`. + |=== === .status.platformStatus.baremetal Description:: @@ -996,6 +1364,19 @@ Type:: | ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. |=== +=== .status.platformStatus.external +Description:: ++ +-- +External contains settings specific to the generic External infrastructure provider. +-- + +Type:: + `object` + + + + === .status.platformStatus.gcp Description:: + diff --git a/rest_api/console_apis/consoleplugin-console-openshift-io-v1.adoc b/rest_api/console_apis/consoleplugin-console-openshift-io-v1.adoc index 980bd97ea5..3e1808eef9 100644 --- a/rest_api/console_apis/consoleplugin-console-openshift-io-v1.adoc +++ b/rest_api/console_apis/consoleplugin-console-openshift-io-v1.adoc @@ -175,7 +175,7 @@ Required:: | `loadType` | `string` -| loadType indicates how the plugin's localization resource should be loaded. +| loadType indicates how the plugin's localization resource should be loaded. Valid values are Preload, Lazy and the empty string. When set to Preload, all localization resources are fetched when the plugin is loaded. When set to Lazy, localization resources are lazily loaded as and when they are required by the console. When omitted or set to the empty string, the behaviour is equivalent to Lazy type. |=== === .spec.proxy diff --git a/rest_api/extension_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc b/rest_api/extension_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc index f9654579e3..2ce1c4c96c 100644 --- a/rest_api/extension_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc +++ b/rest_api/extension_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc @@ -84,7 +84,7 @@ Required:: | `preserveUnknownFields` | `boolean` -| preserveUnknownFields indicates that object fields which are not specified in the OpenAPI schema should be preserved when persisting to storage. apiVersion, kind, metadata and known fields inside metadata are always preserved. This field is deprecated in favor of setting `x-preserve-unknown-fields` to true in `spec.versions[*].schema.openAPIV3Schema`. See https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#pruning-versus-preserving-unknown-fields for details. +| preserveUnknownFields indicates that object fields which are not specified in the OpenAPI schema should be preserved when persisting to storage. apiVersion, kind, metadata and known fields inside metadata are always preserved. This field is deprecated in favor of setting `x-preserve-unknown-fields` to true in `spec.versions[*].schema.openAPIV3Schema`. See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#field-pruning for details. | `scope` | `string` diff --git a/rest_api/image_apis/image-image-openshift-io-v1.adoc b/rest_api/image_apis/image-image-openshift-io-v1.adoc index a09b41a465..92c981fc2a 100644 --- a/rest_api/image_apis/image-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/image-image-openshift-io-v1.adoc @@ -19,8 +19,6 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Type:: `object` -Required:: - - `dockerImageLayers` == Specification @@ -35,11 +33,11 @@ Required:: | `dockerImageConfig` | `string` -| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. +| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list. | `dockerImageLayers` | `array` -| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. +| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. | `dockerImageLayers[]` | `object` @@ -53,8 +51,16 @@ Required:: | `string` | DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2. +| `dockerImageManifests` +| `array` +| DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. + +| `dockerImageManifests[]` +| `object` +| ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. + | `dockerImageMetadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`RawExtension_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] | DockerImageMetadata contains metadata about this image | `dockerImageMetadataVersion` @@ -74,7 +80,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `signatures` @@ -92,7 +98,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Description:: + -- -DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. +DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. -- Type:: @@ -134,6 +140,67 @@ Required:: | `integer` | Size of the layer in bytes as defined by the underlying store. +|=== +=== .dockerImageManifests +Description:: ++ +-- +DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. +-- + +Type:: + `array` + + + + +=== .dockerImageManifests[] +Description:: ++ +-- +ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. +-- + +Type:: + `object` + +Required:: + - `digest` + - `mediaType` + - `manifestSize` + - `architecture` + - `os` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `architecture` +| `string` +| Architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`. + +| `digest` +| `string` +| Digest is the unique identifier for the manifest. It refers to an Image object. + +| `manifestSize` +| `integer` +| ManifestSize represents the size of the raw object contents, in bytes. + +| `mediaType` +| `string` +| MediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json. + +| `os` +| `string` +| OS specifies the operating system, for example `linux`. + +| `variant` +| `string` +| Variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU. + |=== === .signatures Description:: @@ -207,7 +274,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `signedClaims` @@ -516,6 +583,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -707,6 +777,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -750,6 +823,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/image_apis/imagesignature-image-openshift-io-v1.adoc b/rest_api/image_apis/imagesignature-image-openshift-io-v1.adoc index ec55277349..64542b8e2c 100644 --- a/rest_api/image_apis/imagesignature-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagesignature-image-openshift-io-v1.adoc @@ -67,7 +67,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `signedClaims` @@ -219,6 +219,9 @@ The following API endpoints are available: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/image_apis/imagestream-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestream-image-openshift-io-v1.adoc index e9727c9a43..6037c32645 100644 --- a/rest_api/image_apis/imagestream-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagestream-image-openshift-io-v1.adoc @@ -36,7 +36,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `spec` @@ -184,6 +184,10 @@ Type:: |=== | Property | Type | Description +| `importMode` +| `string` +| ImportMode describes how to import an image manifest. + | `insecure` | `boolean` | Insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import. @@ -745,6 +749,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -947,6 +954,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -990,6 +1000,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -1147,6 +1160,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -1190,6 +1206,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/image_apis/imagestreamimage-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreamimage-image-openshift-io-v1.adoc index 3cbf78199a..379e2f41dc 100644 --- a/rest_api/image_apis/imagestreamimage-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagestreamimage-image-openshift-io-v1.adoc @@ -44,7 +44,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | |=== @@ -60,8 +60,6 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Type:: `object` -Required:: - - `dockerImageLayers` @@ -75,11 +73,11 @@ Required:: | `dockerImageConfig` | `string` -| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. +| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list. | `dockerImageLayers` | `array` -| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. +| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. | `dockerImageLayers[]` | `object` @@ -93,8 +91,16 @@ Required:: | `string` | DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2. +| `dockerImageManifests` +| `array` +| DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. + +| `dockerImageManifests[]` +| `object` +| ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. + | `dockerImageMetadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`RawExtension_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] | DockerImageMetadata contains metadata about this image | `dockerImageMetadataVersion` @@ -114,7 +120,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `signatures` @@ -132,7 +138,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Description:: + -- -DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. +DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. -- Type:: @@ -174,6 +180,67 @@ Required:: | `integer` | Size of the layer in bytes as defined by the underlying store. +|=== +=== .image.dockerImageManifests +Description:: ++ +-- +DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. +-- + +Type:: + `array` + + + + +=== .image.dockerImageManifests[] +Description:: ++ +-- +ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. +-- + +Type:: + `object` + +Required:: + - `digest` + - `mediaType` + - `manifestSize` + - `architecture` + - `os` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `architecture` +| `string` +| Architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`. + +| `digest` +| `string` +| Digest is the unique identifier for the manifest. It refers to an Image object. + +| `manifestSize` +| `integer` +| ManifestSize represents the size of the raw object contents, in bytes. + +| `mediaType` +| `string` +| MediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json. + +| `os` +| `string` +| OS specifies the operating system, for example `linux`. + +| `variant` +| `string` +| Variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU. + |=== === .image.signatures Description:: @@ -247,7 +314,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `signedClaims` diff --git a/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc index 1133789fa1..cf0b9bf412 100644 --- a/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc @@ -41,7 +41,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `spec` @@ -159,6 +159,10 @@ Type:: |=== | Property | Type | Description +| `importMode` +| `string` +| ImportMode describes how to import an image manifest. + | `insecure` | `boolean` | Insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import. @@ -245,6 +249,10 @@ Type:: |=== | Property | Type | Description +| `importMode` +| `string` +| ImportMode describes how to import an image manifest. + | `insecure` | `boolean` | Insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import. @@ -352,6 +360,16 @@ Required:: Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +| `manifests` +| `array` +| Manifests holds sub-manifests metadata when importing a manifest list + +| `manifests[]` +| `object` +| Image is an immutable representation of a container image and metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users instead access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents. + +Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + | `status` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] | Status is the status of the image import, including errors encountered while retrieving the image @@ -373,8 +391,6 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Type:: `object` -Required:: - - `dockerImageLayers` @@ -388,11 +404,11 @@ Required:: | `dockerImageConfig` | `string` -| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. +| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list. | `dockerImageLayers` | `array` -| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. +| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. | `dockerImageLayers[]` | `object` @@ -406,8 +422,16 @@ Required:: | `string` | DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2. +| `dockerImageManifests` +| `array` +| DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. + +| `dockerImageManifests[]` +| `object` +| ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. + | `dockerImageMetadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`RawExtension_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] | DockerImageMetadata contains metadata about this image | `dockerImageMetadataVersion` @@ -427,7 +451,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `signatures` @@ -445,7 +469,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Description:: + -- -DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. +DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. -- Type:: @@ -487,6 +511,67 @@ Required:: | `integer` | Size of the layer in bytes as defined by the underlying store. +|=== +=== .status.images[].image.dockerImageManifests +Description:: ++ +-- +DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. +-- + +Type:: + `array` + + + + +=== .status.images[].image.dockerImageManifests[] +Description:: ++ +-- +ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. +-- + +Type:: + `object` + +Required:: + - `digest` + - `mediaType` + - `manifestSize` + - `architecture` + - `os` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `architecture` +| `string` +| Architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`. + +| `digest` +| `string` +| Digest is the unique identifier for the manifest. It refers to an Image object. + +| `manifestSize` +| `integer` +| ManifestSize represents the size of the raw object contents, in bytes. + +| `mediaType` +| `string` +| MediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json. + +| `os` +| `string` +| OS specifies the operating system, for example `linux`. + +| `variant` +| `string` +| Variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU. + |=== === .status.images[].image.signatures Description:: @@ -560,7 +645,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `signedClaims` @@ -671,6 +756,413 @@ Required:: +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `commonName` +| `string` +| Common name (e.g. openshift-signing-service). + +| `organization` +| `string` +| Organization name. + +| `publicKeyID` +| `string` +| If present, it is a human readable key id of public key belonging to the subject used to verify image signature. It should contain at least 64 lowest bits of public key's fingerprint (e.g. 0x685ebe62bf278440). + +|=== +=== .status.images[].manifests +Description:: ++ +-- +Manifests holds sub-manifests metadata when importing a manifest list +-- + +Type:: + `array` + + + + +=== .status.images[].manifests[] +Description:: ++ +-- +Image is an immutable representation of a container image and metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users instead access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents. + +Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `dockerImageConfig` +| `string` +| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list. + +| `dockerImageLayers` +| `array` +| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. + +| `dockerImageLayers[]` +| `object` +| ImageLayer represents a single layer of the image. Some images may have multiple layers. Some may have none. + +| `dockerImageManifest` +| `string` +| DockerImageManifest is the raw JSON of the manifest + +| `dockerImageManifestMediaType` +| `string` +| DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2. + +| `dockerImageManifests` +| `array` +| DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. + +| `dockerImageManifests[]` +| `object` +| ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. + +| `dockerImageMetadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] +| DockerImageMetadata contains metadata about this image + +| `dockerImageMetadataVersion` +| `string` +| DockerImageMetadataVersion conveys the version of the object, which if empty defaults to "1.0" + +| `dockerImageReference` +| `string` +| DockerImageReference is the string that can be used to pull this image. + +| `dockerImageSignatures` +| `array (string)` +| DockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1. + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| + +| `signatures` +| `array` +| Signatures holds all signatures of the image. + +| `signatures[]` +| `object` +| ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose. + +Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + +|=== +=== .status.images[].manifests[].dockerImageLayers +Description:: ++ +-- +DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. +-- + +Type:: + `array` + + + + +=== .status.images[].manifests[].dockerImageLayers[] +Description:: ++ +-- +ImageLayer represents a single layer of the image. Some images may have multiple layers. Some may have none. +-- + +Type:: + `object` + +Required:: + - `name` + - `size` + - `mediaType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `mediaType` +| `string` +| MediaType of the referenced object. + +| `name` +| `string` +| Name of the layer as defined by the underlying store. + +| `size` +| `integer` +| Size of the layer in bytes as defined by the underlying store. + +|=== +=== .status.images[].manifests[].dockerImageManifests +Description:: ++ +-- +DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. +-- + +Type:: + `array` + + + + +=== .status.images[].manifests[].dockerImageManifests[] +Description:: ++ +-- +ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. +-- + +Type:: + `object` + +Required:: + - `digest` + - `mediaType` + - `manifestSize` + - `architecture` + - `os` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `architecture` +| `string` +| Architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`. + +| `digest` +| `string` +| Digest is the unique identifier for the manifest. It refers to an Image object. + +| `manifestSize` +| `integer` +| ManifestSize represents the size of the raw object contents, in bytes. + +| `mediaType` +| `string` +| MediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json. + +| `os` +| `string` +| OS specifies the operating system, for example `linux`. + +| `variant` +| `string` +| Variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU. + +|=== +=== .status.images[].manifests[].signatures +Description:: ++ +-- +Signatures holds all signatures of the image. +-- + +Type:: + `array` + + + + +=== .status.images[].manifests[].signatures[] +Description:: ++ +-- +ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose. + +Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +-- + +Type:: + `object` + +Required:: + - `type` + - `content` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `conditions` +| `array` +| Conditions represent the latest available observations of a signature's current state. + +| `conditions[]` +| `object` +| SignatureCondition describes an image signature condition of particular kind at particular probe time. + +| `content` +| `string` +| Required: An opaque binary string which is an image's signature. + +| `created` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`] +| If specified, it is the time of signature's creation. + +| `imageIdentity` +| `string` +| A human readable string representing image's identity. It could be a product name and version, or an image pull spec (e.g. "registry.access.redhat.com/rhel7/rhel:7.2"). + +| `issuedBy` +| `object` +| SignatureIssuer holds information about an issuer of signing certificate or key. + +| `issuedTo` +| `object` +| SignatureSubject holds information about a person or entity who created the signature. + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| + +| `signedClaims` +| `object (string)` +| Contains claims from the signature. + +| `type` +| `string` +| Required: Describes a type of stored blob. + +|=== +=== .status.images[].manifests[].signatures[].conditions +Description:: ++ +-- +Conditions represent the latest available observations of a signature's current state. +-- + +Type:: + `array` + + + + +=== .status.images[].manifests[].signatures[].conditions[] +Description:: ++ +-- +SignatureCondition describes an image signature condition of particular kind at particular probe time. +-- + +Type:: + `object` + +Required:: + - `type` + - `status` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastProbeTime` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`] +| Last time the condition was checked. + +| `lastTransitionTime` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`] +| Last time the condition transit from one status to another. + +| `message` +| `string` +| Human readable message indicating details about last transition. + +| `reason` +| `string` +| (brief) reason for the condition's last transition. + +| `status` +| `string` +| Status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| Type of signature condition, Complete or Failed. + +|=== +=== .status.images[].manifests[].signatures[].issuedBy +Description:: ++ +-- +SignatureIssuer holds information about an issuer of signing certificate or key. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `commonName` +| `string` +| Common name (e.g. openshift-signing-service). + +| `organization` +| `string` +| Organization name. + +|=== +=== .status.images[].manifests[].signatures[].issuedTo +Description:: ++ +-- +SignatureSubject holds information about a person or entity who created the signature. +-- + +Type:: + `object` + +Required:: + - `publicKeyID` + + + [cols="1,1,1",options="header"] |=== | Property | Type | Description @@ -716,7 +1208,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `spec` @@ -864,6 +1356,10 @@ Type:: |=== | Property | Type | Description +| `importMode` +| `string` +| ImportMode describes how to import an image manifest. + | `insecure` | `boolean` | Insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import. @@ -1170,6 +1666,16 @@ Required:: Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +| `manifests` +| `array` +| Manifests holds sub-manifests metadata when importing a manifest list + +| `manifests[]` +| `object` +| Image is an immutable representation of a container image and metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users instead access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents. + +Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + | `status` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] | Status is the status of the image import, including errors encountered while retrieving the image @@ -1191,8 +1697,6 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Type:: `object` -Required:: - - `dockerImageLayers` @@ -1206,11 +1710,11 @@ Required:: | `dockerImageConfig` | `string` -| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. +| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list. | `dockerImageLayers` | `array` -| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. +| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. | `dockerImageLayers[]` | `object` @@ -1224,8 +1728,16 @@ Required:: | `string` | DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2. +| `dockerImageManifests` +| `array` +| DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. + +| `dockerImageManifests[]` +| `object` +| ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. + | `dockerImageMetadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`RawExtension_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] | DockerImageMetadata contains metadata about this image | `dockerImageMetadataVersion` @@ -1245,7 +1757,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `signatures` @@ -1263,7 +1775,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Description:: + -- -DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. +DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. -- Type:: @@ -1305,6 +1817,67 @@ Required:: | `integer` | Size of the layer in bytes as defined by the underlying store. +|=== +=== .status.repository.images[].image.dockerImageManifests +Description:: ++ +-- +DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. +-- + +Type:: + `array` + + + + +=== .status.repository.images[].image.dockerImageManifests[] +Description:: ++ +-- +ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. +-- + +Type:: + `object` + +Required:: + - `digest` + - `mediaType` + - `manifestSize` + - `architecture` + - `os` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `architecture` +| `string` +| Architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`. + +| `digest` +| `string` +| Digest is the unique identifier for the manifest. It refers to an Image object. + +| `manifestSize` +| `integer` +| ManifestSize represents the size of the raw object contents, in bytes. + +| `mediaType` +| `string` +| MediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json. + +| `os` +| `string` +| OS specifies the operating system, for example `linux`. + +| `variant` +| `string` +| Variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU. + |=== === .status.repository.images[].image.signatures Description:: @@ -1378,7 +1951,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `signedClaims` @@ -1489,6 +2062,413 @@ Required:: +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `commonName` +| `string` +| Common name (e.g. openshift-signing-service). + +| `organization` +| `string` +| Organization name. + +| `publicKeyID` +| `string` +| If present, it is a human readable key id of public key belonging to the subject used to verify image signature. It should contain at least 64 lowest bits of public key's fingerprint (e.g. 0x685ebe62bf278440). + +|=== +=== .status.repository.images[].manifests +Description:: ++ +-- +Manifests holds sub-manifests metadata when importing a manifest list +-- + +Type:: + `array` + + + + +=== .status.repository.images[].manifests[] +Description:: ++ +-- +Image is an immutable representation of a container image and metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users instead access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents. + +Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `dockerImageConfig` +| `string` +| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list. + +| `dockerImageLayers` +| `array` +| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. + +| `dockerImageLayers[]` +| `object` +| ImageLayer represents a single layer of the image. Some images may have multiple layers. Some may have none. + +| `dockerImageManifest` +| `string` +| DockerImageManifest is the raw JSON of the manifest + +| `dockerImageManifestMediaType` +| `string` +| DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2. + +| `dockerImageManifests` +| `array` +| DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. + +| `dockerImageManifests[]` +| `object` +| ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. + +| `dockerImageMetadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] +| DockerImageMetadata contains metadata about this image + +| `dockerImageMetadataVersion` +| `string` +| DockerImageMetadataVersion conveys the version of the object, which if empty defaults to "1.0" + +| `dockerImageReference` +| `string` +| DockerImageReference is the string that can be used to pull this image. + +| `dockerImageSignatures` +| `array (string)` +| DockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1. + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| + +| `signatures` +| `array` +| Signatures holds all signatures of the image. + +| `signatures[]` +| `object` +| ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose. + +Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + +|=== +=== .status.repository.images[].manifests[].dockerImageLayers +Description:: ++ +-- +DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. +-- + +Type:: + `array` + + + + +=== .status.repository.images[].manifests[].dockerImageLayers[] +Description:: ++ +-- +ImageLayer represents a single layer of the image. Some images may have multiple layers. Some may have none. +-- + +Type:: + `object` + +Required:: + - `name` + - `size` + - `mediaType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `mediaType` +| `string` +| MediaType of the referenced object. + +| `name` +| `string` +| Name of the layer as defined by the underlying store. + +| `size` +| `integer` +| Size of the layer in bytes as defined by the underlying store. + +|=== +=== .status.repository.images[].manifests[].dockerImageManifests +Description:: ++ +-- +DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. +-- + +Type:: + `array` + + + + +=== .status.repository.images[].manifests[].dockerImageManifests[] +Description:: ++ +-- +ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. +-- + +Type:: + `object` + +Required:: + - `digest` + - `mediaType` + - `manifestSize` + - `architecture` + - `os` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `architecture` +| `string` +| Architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`. + +| `digest` +| `string` +| Digest is the unique identifier for the manifest. It refers to an Image object. + +| `manifestSize` +| `integer` +| ManifestSize represents the size of the raw object contents, in bytes. + +| `mediaType` +| `string` +| MediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json. + +| `os` +| `string` +| OS specifies the operating system, for example `linux`. + +| `variant` +| `string` +| Variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU. + +|=== +=== .status.repository.images[].manifests[].signatures +Description:: ++ +-- +Signatures holds all signatures of the image. +-- + +Type:: + `array` + + + + +=== .status.repository.images[].manifests[].signatures[] +Description:: ++ +-- +ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose. + +Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +-- + +Type:: + `object` + +Required:: + - `type` + - `content` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `conditions` +| `array` +| Conditions represent the latest available observations of a signature's current state. + +| `conditions[]` +| `object` +| SignatureCondition describes an image signature condition of particular kind at particular probe time. + +| `content` +| `string` +| Required: An opaque binary string which is an image's signature. + +| `created` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`] +| If specified, it is the time of signature's creation. + +| `imageIdentity` +| `string` +| A human readable string representing image's identity. It could be a product name and version, or an image pull spec (e.g. "registry.access.redhat.com/rhel7/rhel:7.2"). + +| `issuedBy` +| `object` +| SignatureIssuer holds information about an issuer of signing certificate or key. + +| `issuedTo` +| `object` +| SignatureSubject holds information about a person or entity who created the signature. + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| + +| `signedClaims` +| `object (string)` +| Contains claims from the signature. + +| `type` +| `string` +| Required: Describes a type of stored blob. + +|=== +=== .status.repository.images[].manifests[].signatures[].conditions +Description:: ++ +-- +Conditions represent the latest available observations of a signature's current state. +-- + +Type:: + `array` + + + + +=== .status.repository.images[].manifests[].signatures[].conditions[] +Description:: ++ +-- +SignatureCondition describes an image signature condition of particular kind at particular probe time. +-- + +Type:: + `object` + +Required:: + - `type` + - `status` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastProbeTime` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`] +| Last time the condition was checked. + +| `lastTransitionTime` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`] +| Last time the condition transit from one status to another. + +| `message` +| `string` +| Human readable message indicating details about last transition. + +| `reason` +| `string` +| (brief) reason for the condition's last transition. + +| `status` +| `string` +| Status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| Type of signature condition, Complete or Failed. + +|=== +=== .status.repository.images[].manifests[].signatures[].issuedBy +Description:: ++ +-- +SignatureIssuer holds information about an issuer of signing certificate or key. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `commonName` +| `string` +| Common name (e.g. openshift-signing-service). + +| `organization` +| `string` +| Organization name. + +|=== +=== .status.repository.images[].manifests[].signatures[].issuedTo +Description:: ++ +-- +SignatureSubject holds information about a person or entity who created the signature. +-- + +Type:: + `object` + +Required:: + - `publicKeyID` + + + [cols="1,1,1",options="header"] |=== | Property | Type | Description @@ -1536,6 +2516,9 @@ The following API endpoints are available: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/image_apis/imagestreamlayers-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreamlayers-image-openshift-io-v1.adoc index 9e92d9ae43..9ccc24421d 100644 --- a/rest_api/image_apis/imagestreamlayers-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagestreamlayers-image-openshift-io-v1.adoc @@ -55,7 +55,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | |=== @@ -143,6 +143,10 @@ Type:: | `array (string)` | layers is the list of blobs that compose this image, from base layer to top layer. All layers referenced by this array will be defined in the blobs map. Some images may have zero layers. +| `manifests` +| `array (string)` +| manifests is the list of other image names that this image points to. For a single architecture image, it is empty. For a multi-arch image, it consists of the digests of single architecture images, such images shouldn't have layers nor config. + |=== == API endpoints diff --git a/rest_api/image_apis/imagestreammapping-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreammapping-image-openshift-io-v1.adoc index 8c267c0f6c..077b841105 100644 --- a/rest_api/image_apis/imagestreammapping-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagestreammapping-image-openshift-io-v1.adoc @@ -45,7 +45,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `tag` @@ -65,8 +65,6 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Type:: `object` -Required:: - - `dockerImageLayers` @@ -80,11 +78,11 @@ Required:: | `dockerImageConfig` | `string` -| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. +| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list. | `dockerImageLayers` | `array` -| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. +| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. | `dockerImageLayers[]` | `object` @@ -98,8 +96,16 @@ Required:: | `string` | DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2. +| `dockerImageManifests` +| `array` +| DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. + +| `dockerImageManifests[]` +| `object` +| ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. + | `dockerImageMetadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`RawExtension_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] | DockerImageMetadata contains metadata about this image | `dockerImageMetadataVersion` @@ -119,7 +125,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `signatures` @@ -137,7 +143,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Description:: + -- -DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. +DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. -- Type:: @@ -179,6 +185,67 @@ Required:: | `integer` | Size of the layer in bytes as defined by the underlying store. +|=== +=== .image.dockerImageManifests +Description:: ++ +-- +DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. +-- + +Type:: + `array` + + + + +=== .image.dockerImageManifests[] +Description:: ++ +-- +ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. +-- + +Type:: + `object` + +Required:: + - `digest` + - `mediaType` + - `manifestSize` + - `architecture` + - `os` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `architecture` +| `string` +| Architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`. + +| `digest` +| `string` +| Digest is the unique identifier for the manifest. It refers to an Image object. + +| `manifestSize` +| `integer` +| ManifestSize represents the size of the raw object contents, in bytes. + +| `mediaType` +| `string` +| MediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json. + +| `os` +| `string` +| OS specifies the operating system, for example `linux`. + +| `variant` +| `string` +| Variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU. + |=== === .image.signatures Description:: @@ -252,7 +319,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `signedClaims` @@ -410,6 +477,9 @@ The following API endpoints are available: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/image_apis/imagestreamtag-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreamtag-image-openshift-io-v1.adoc index 8594945c4b..cf4befe1de 100644 --- a/rest_api/image_apis/imagestreamtag-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagestreamtag-image-openshift-io-v1.adoc @@ -63,7 +63,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months | ImageLookupPolicy describes how an image stream can be used to override the image references used by pods, builds, and other resources in a namespace. | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `tag` @@ -142,8 +142,6 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Type:: `object` -Required:: - - `dockerImageLayers` @@ -157,11 +155,11 @@ Required:: | `dockerImageConfig` | `string` -| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. +| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list. | `dockerImageLayers` | `array` -| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. +| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. | `dockerImageLayers[]` | `object` @@ -175,8 +173,16 @@ Required:: | `string` | DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2. +| `dockerImageManifests` +| `array` +| DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. + +| `dockerImageManifests[]` +| `object` +| ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. + | `dockerImageMetadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`RawExtension_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] | DockerImageMetadata contains metadata about this image | `dockerImageMetadataVersion` @@ -196,7 +202,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `signatures` @@ -214,7 +220,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Description:: + -- -DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. +DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. -- Type:: @@ -256,6 +262,67 @@ Required:: | `integer` | Size of the layer in bytes as defined by the underlying store. +|=== +=== .image.dockerImageManifests +Description:: ++ +-- +DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. +-- + +Type:: + `array` + + + + +=== .image.dockerImageManifests[] +Description:: ++ +-- +ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. +-- + +Type:: + `object` + +Required:: + - `digest` + - `mediaType` + - `manifestSize` + - `architecture` + - `os` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `architecture` +| `string` +| Architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`. + +| `digest` +| `string` +| Digest is the unique identifier for the manifest. It refers to an Image object. + +| `manifestSize` +| `integer` +| ManifestSize represents the size of the raw object contents, in bytes. + +| `mediaType` +| `string` +| MediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json. + +| `os` +| `string` +| OS specifies the operating system, for example `linux`. + +| `variant` +| `string` +| Variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU. + |=== === .image.signatures Description:: @@ -329,7 +396,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `signedClaims` @@ -546,6 +613,10 @@ Type:: |=== | Property | Type | Description +| `importMode` +| `string` +| ImportMode describes how to import an image manifest. + | `insecure` | `boolean` | Insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import. @@ -757,6 +828,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -886,6 +960,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -929,6 +1006,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/image_apis/imagetag-image-openshift-io-v1.adoc b/rest_api/image_apis/imagetag-image-openshift-io-v1.adoc index 16d1544a05..a092299a1a 100644 --- a/rest_api/image_apis/imagetag-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagetag-image-openshift-io-v1.adoc @@ -46,7 +46,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `spec` @@ -70,8 +70,6 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Type:: `object` -Required:: - - `dockerImageLayers` @@ -85,11 +83,11 @@ Required:: | `dockerImageConfig` | `string` -| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. +| DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list. | `dockerImageLayers` | `array` -| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. +| DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. | `dockerImageLayers[]` | `object` @@ -103,8 +101,16 @@ Required:: | `string` | DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2. +| `dockerImageManifests` +| `array` +| DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. + +| `dockerImageManifests[]` +| `object` +| ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. + | `dockerImageMetadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`RawExtension_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] | DockerImageMetadata contains metadata about this image | `dockerImageMetadataVersion` @@ -124,7 +130,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `signatures` @@ -142,7 +148,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Description:: + -- -DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. +DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. -- Type:: @@ -184,6 +190,67 @@ Required:: | `integer` | Size of the layer in bytes as defined by the underlying store. +|=== +=== .image.dockerImageManifests +Description:: ++ +-- +DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified. +-- + +Type:: + `array` + + + + +=== .image.dockerImageManifests[] +Description:: ++ +-- +ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object. +-- + +Type:: + `object` + +Required:: + - `digest` + - `mediaType` + - `manifestSize` + - `architecture` + - `os` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `architecture` +| `string` +| Architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`. + +| `digest` +| `string` +| Digest is the unique identifier for the manifest. It refers to an Image object. + +| `manifestSize` +| `integer` +| ManifestSize represents the size of the raw object contents, in bytes. + +| `mediaType` +| `string` +| MediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json. + +| `os` +| `string` +| OS specifies the operating system, for example `linux`. + +| `variant` +| `string` +| Variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU. + |=== === .image.signatures Description:: @@ -257,7 +324,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `signedClaims` @@ -450,6 +517,10 @@ Type:: |=== | Property | Type | Description +| `importMode` +| `string` +| ImportMode describes how to import an image manifest. + | `insecure` | `boolean` | Insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import. @@ -813,6 +884,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -942,6 +1016,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -985,6 +1062,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/image_apis/secretlist-image-openshift-io-v1.adoc b/rest_api/image_apis/secretlist-image-openshift-io-v1.adoc index 14faf4f0e9..cc612ff807 100644 --- a/rest_api/image_apis/secretlist-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/secretlist-image-openshift-io-v1.adoc @@ -40,7 +40,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] | Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |=== diff --git a/rest_api/index.adoc b/rest_api/index.adoc index 6050ea9a32..f8ae6e4c9e 100644 --- a/rest_api/index.adoc +++ b/rest_api/index.adoc @@ -160,8 +160,6 @@ | config.openshift.io/v1 | xref:./provisioning_apis/firmwareschema-metal3-io-v1alpha1.adoc#firmwareschema-metal3-io-v1alpha1[FirmwareSchema] | metal3.io/v1alpha1 -| xref:./schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[FlowSchema] -| flowcontrol.apiserver.k8s.io/v1beta1 | xref:./user_and_group_apis/group-user-openshift-io-v1.adoc#group-user-openshift-io-v1[Group] | user.openshift.io/v1 | xref:./provisioning_apis/hardwaredata-metal3-io-v1alpha1.adoc#hardwaredata-metal3-io-v1alpha1[HardwareData] @@ -182,6 +180,8 @@ | config.openshift.io/v1 | xref:./operator_apis/imagecontentsourcepolicy-operator-openshift-io-v1alpha1.adoc#imagecontentsourcepolicy-operator-openshift-io-v1alpha1[ImageContentSourcePolicy] | operator.openshift.io/v1alpha1 +| xref:./config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[ImageDigestMirrorSet] +| config.openshift.io/v1 | xref:./operator_apis/imagepruner-imageregistry-operator-openshift-io-v1.adoc#imagepruner-imageregistry-operator-openshift-io-v1[ImagePruner] | imageregistry.operator.openshift.io/v1 | xref:./image_apis/imagesignature-image-openshift-io-v1.adoc#imagesignature-image-openshift-io-v1[ImageSignature] @@ -200,6 +200,8 @@ | image.openshift.io/v1 | xref:./image_apis/imagetag-image-openshift-io-v1.adoc#imagetag-image-openshift-io-v1[ImageTag] | image.openshift.io/v1 +| xref:./config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[ImageTagMirrorSet] +| config.openshift.io/v1 | xref:./config_apis/infrastructure-config-openshift-io-v1.adoc#infrastructure-config-openshift-io-v1[Infrastructure] | config.openshift.io/v1 | xref:./config_apis/ingress-config-openshift-io-v1.adoc#ingress-config-openshift-io-v1[Ingress] @@ -250,6 +252,10 @@ | machine.openshift.io/v1beta1 | xref:./machine_apis/machineset-machine-openshift-io-v1beta1.adoc#machineset-machine-openshift-io-v1beta1[MachineSet] | machine.openshift.io/v1beta1 +| xref:./provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[Metal3Remediation] +| infrastructure.cluster.x-k8s.io/v1beta1 +| xref:./provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[Metal3RemediationTemplate] +| infrastructure.cluster.x-k8s.io/v1beta1 | xref:./extension_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#mutatingwebhookconfiguration-admissionregistration-k8s-io-v1[MutatingWebhookConfiguration] | admissionregistration.k8s.io/v1 | xref:./metadata_apis/namespace-v1.adoc#namespace-v1[Namespace] @@ -298,7 +304,7 @@ | packages.operators.coreos.com/v1 | xref:./node_apis/performanceprofile-performance-openshift-io-v2.adoc#performanceprofile-performance-openshift-io-v2[PerformanceProfile] | performance.openshift.io/v2 -| xref:./workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[PersistentVolume] +| xref:./storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[PersistentVolume] | v1 | xref:./storage_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[PersistentVolumeClaim] | v1 @@ -322,8 +328,6 @@ | metal3.io/v1alpha1 | xref:./schedule_and_quota_apis/priorityclass-scheduling-k8s-io-v1.adoc#priorityclass-scheduling-k8s-io-v1[PriorityClass] | scheduling.k8s.io/v1 -| xref:./schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[PriorityLevelConfiguration] -| flowcontrol.apiserver.k8s.io/v1beta1 | xref:./monitoring_apis/probe-monitoring-coreos-com-v1.adoc#probe-monitoring-coreos-com-v1[Probe] | monitoring.coreos.com/v1 | xref:./node_apis/profile-tuned-openshift-io-v1.adoc#profile-tuned-openshift-io-v1[Profile] diff --git a/rest_api/machine_apis/controllerconfig-machineconfiguration-openshift-io-v1.adoc b/rest_api/machine_apis/controllerconfig-machineconfiguration-openshift-io-v1.adoc index 1b2afe95ab..f0e01a065a 100644 --- a/rest_api/machine_apis/controllerconfig-machineconfiguration-openshift-io-v1.adoc +++ b/rest_api/machine_apis/controllerconfig-machineconfiguration-openshift-io-v1.adoc @@ -59,13 +59,14 @@ Type:: `object` Required:: + - `baseOSContainerImage` + - `baseOSExtensionsContainerImage` - `cloudProviderConfig` - `clusterDNSIP` - `images` - `ipFamilies` - `kubeAPIServerServingCAData` - `osImageURL` - - `baseOSContainerImage` - `releaseImage` - `rootCAData` @@ -81,11 +82,11 @@ Required:: | `baseOSContainerImage` | `string` -| baseOSContainerImage is the new format operating system update image. See https://github.com/openshift/enhancements/pull/1032 +| BaseOSContainerImage is the new-format container image for operating system updates. | `baseOSExtensionsContainerImage` | `string` -| baseOSExtensionsContainerImage is the extensions container matching new format operating system update image. See https://github.com/openshift/enhancements/pull/1032 +| BaseOSExtensionsContainerImage is the matching extensions container for the new-format container | `cloudProviderCAData` | `` @@ -125,7 +126,7 @@ Required:: | `network` | `` -| network contains additional network related information +| Network contains additional network related information | `networkType` | `string` @@ -133,7 +134,7 @@ Required:: | `osImageURL` | `string` -| osImageURL is the location of the container image that contains the OS update payload. Its value is taken from the data.osImageURL field on the machine-config-osimageurl ConfigMap. +| OSImageURL is the old-format container image that contains the OS update payload. | `platform` | `string` diff --git a/rest_api/metadata_apis/apirequestcount-apiserver-openshift-io-v1.adoc b/rest_api/metadata_apis/apirequestcount-apiserver-openshift-io-v1.adoc index ce73e39a85..8552baae4b 100644 --- a/rest_api/metadata_apis/apirequestcount-apiserver-openshift-io-v1.adoc +++ b/rest_api/metadata_apis/apirequestcount-apiserver-openshift-io-v1.adoc @@ -94,8 +94,9 @@ Type:: | `conditions[]` | `object` -| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - // other fields } +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } | `currentHour` | `object` @@ -135,8 +136,9 @@ Type:: Description:: + -- -Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - // other fields } +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } -- Type:: diff --git a/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc index b138074673..a83c612d90 100644 --- a/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc @@ -45,7 +45,7 @@ Required:: | `status` | `object` -| Most recent observed status of the Alertmanager cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +| Most recent observed status of the Alertmanager cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |=== === .spec @@ -73,6 +73,10 @@ Type:: | `object` | If specified, the pod's scheduling constraints. +| `alertmanagerConfigMatcherStrategy` +| `object` +| The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. In the future more options may be added. + | `alertmanagerConfigNamespaceSelector` | `object` | Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. @@ -107,13 +111,13 @@ Type:: | `configMaps` | `array (string)` -| ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. +| ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. The ConfigMaps are mounted into `/etc/alertmanager/configmaps/` in the 'alertmanager' container. | `configSecret` | `string` -| ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains the configuration for this Alertmanager instance. If empty, it defaults to 'alertmanager-'. - The Alertmanager configuration should be available under the `alertmanager.yaml` key. Additional keys from the original secret are copied to the generated secret. - If either the secret or the `alertmanager.yaml` key is missing, the operator provisions an Alertmanager configuration with one empty receiver (effectively dropping alert notifications). +| ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains the configuration for this Alertmanager instance. If empty, it defaults to `alertmanager-`. + The Alertmanager configuration should be available under the `alertmanager.yaml` key. Additional keys from the original secret are copied to the generated secret and mounted into the `/etc/alertmanager/config` directory in the `alertmanager` container. + If either the secret or the `alertmanager.yaml` key is missing, the operator provisions a minimal Alertmanager configuration with one empty receiver (effectively dropping alert notifications). | `containers` | `array` @@ -143,6 +147,10 @@ Type:: | `string` | Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured. +| `imagePullPolicy` +| `string` +| Image pull policy for the 'alertmanager', 'init-config-reloader' and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. + | `imagePullSecrets` | `array` | An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod @@ -173,7 +181,7 @@ Type:: | `minReadySeconds` | `integer` -| Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate. +| Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. | `nodeSelector` | `object (string)` @@ -213,7 +221,7 @@ Type:: | `secrets` | `array (string)` -| Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. +| Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. Each Secret is added to the StatefulSet definition as a volume named `secret-`. The Secrets are mounted into `/etc/alertmanager/secrets/` in the 'alertmanager' container. | `securityContext` | `object` @@ -1600,6 +1608,28 @@ Required:: | `array (string)` | values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +|=== +=== .spec.alertmanagerConfigMatcherStrategy +Description:: ++ +-- +The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. In the future more options may be added. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `type` +| `string` +| If set to `OnNamespace`, the operator injects a label matcher matching the namespace of the AlertmanagerConfig object for all its routes and inhibition rules. `None` will not add any additional matchers other than the ones specified in the AlertmanagerConfig. Default is `OnNamespace`. + |=== === .spec.alertmanagerConfigNamespaceSelector Description:: @@ -2222,11 +2252,11 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` @@ -2245,7 +2275,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -2335,7 +2365,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -3869,6 +3899,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -3877,6 +3917,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.containers[].resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.containers[].resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.containers[].securityContext Description:: @@ -5776,6 +5855,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -5784,6 +5873,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.initContainers[].resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.initContainers[].resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.initContainers[].securityContext Description:: @@ -6340,6 +6468,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -6348,6 +6486,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.securityContext Description:: @@ -6398,7 +6575,7 @@ Type:: | `supplementalGroups` | `array (integer)` -| A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows. +| A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. | `sysctls` | `array` @@ -6575,22 +6752,22 @@ Type:: | `emptyDir` | `object` -| EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir +| EmptyDirVolumeSource to be used by the StatefulSet. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir | `ephemeral` | `object` -| EphemeralVolumeSource to be used by the Prometheus StatefulSets. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes +| EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes | `volumeClaimTemplate` | `object` -| A PVC spec to be used by the Prometheus StatefulSets. +| A PVC spec to be used by the StatefulSet. The easiest way to use a volume that cannot be automatically provisioned (for whatever reason) is to use a label selector alongside manually created PersistentVolumes. |=== === .spec.storage.emptyDir Description:: + -- -EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir +EmptyDirVolumeSource to be used by the StatefulSet. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir -- Type:: @@ -6616,7 +6793,7 @@ Type:: Description:: + -- -EphemeralVolumeSource to be used by the Prometheus StatefulSets. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes +EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes -- Type:: @@ -6704,11 +6881,11 @@ Type:: | `dataSource` | `object` -| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. | `dataSourceRef` | `object` -| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` @@ -6735,7 +6912,7 @@ Type:: Description:: + -- -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. -- Type:: @@ -6768,7 +6945,7 @@ Required:: Description:: + -- -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -6796,6 +6973,10 @@ Required:: | `string` | Name is the name of resource being referenced +| `namespace` +| `string` +| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + |=== === .spec.storage.ephemeral.volumeClaimTemplate.spec.resources Description:: @@ -6814,6 +6995,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -6822,6 +7013,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.storage.ephemeral.volumeClaimTemplate.spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.storage.ephemeral.volumeClaimTemplate.spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.storage.ephemeral.volumeClaimTemplate.spec.selector Description:: @@ -6903,7 +7133,7 @@ Required:: Description:: + -- -A PVC spec to be used by the Prometheus StatefulSets. +A PVC spec to be used by the StatefulSet. The easiest way to use a volume that cannot be automatically provisioned (for whatever reason) is to use a label selector alongside manually created PersistentVolumes. -- Type:: @@ -6990,11 +7220,11 @@ Type:: | `dataSource` | `object` -| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. | `dataSourceRef` | `object` -| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` @@ -7021,7 +7251,7 @@ Type:: Description:: + -- -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. -- Type:: @@ -7054,7 +7284,7 @@ Required:: Description:: + -- -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -7082,6 +7312,10 @@ Required:: | `string` | Name is the name of resource being referenced +| `namespace` +| `string` +| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + |=== === .spec.storage.volumeClaimTemplate.spec.resources Description:: @@ -7100,6 +7334,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -7108,6 +7352,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.storage.volumeClaimTemplate.spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.storage.volumeClaimTemplate.spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.storage.volumeClaimTemplate.spec.selector Description:: @@ -7395,12 +7678,12 @@ Required:: | `nodeAffinityPolicy` | `string` | NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `nodeTaintsPolicy` | `string` | NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `topologyKey` | `string` @@ -8347,11 +8630,11 @@ Type:: | `dataSource` | `object` -| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. | `dataSourceRef` | `object` -| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` @@ -8378,7 +8661,7 @@ Type:: Description:: + -- -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. -- Type:: @@ -8411,7 +8694,7 @@ Required:: Description:: + -- -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -8439,6 +8722,10 @@ Required:: | `string` | Name is the name of resource being referenced +| `namespace` +| `string` +| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + |=== === .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources Description:: @@ -8457,6 +8744,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -8465,6 +8762,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.volumes[].ephemeral.volumeClaimTemplate.spec.selector Description:: @@ -10157,7 +10493,7 @@ Required:: Description:: + -- -Most recent observed status of the Alertmanager cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +Most recent observed status of the Alertmanager cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status -- Type:: @@ -10180,21 +10516,88 @@ Required:: | `integer` | Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster. +| `conditions` +| `array` +| The current state of the Alertmanager object. + +| `conditions[]` +| `object` +| Condition represents the state of the resources associated with the Prometheus or Alertmanager resource. + | `paused` | `boolean` | Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. | `replicas` | `integer` -| Total number of non-terminated pods targeted by this Alertmanager cluster (their labels match the selector). +| Total number of non-terminated pods targeted by this Alertmanager object (their labels match the selector). | `unavailableReplicas` | `integer` -| Total number of unavailable pods targeted by this Alertmanager cluster. +| Total number of unavailable pods targeted by this Alertmanager object. | `updatedReplicas` | `integer` -| Total number of non-terminated pods targeted by this Alertmanager cluster that have the desired version spec. +| Total number of non-terminated pods targeted by this Alertmanager object that have the desired version spec. + +|=== +=== .status.conditions +Description:: ++ +-- +The current state of the Alertmanager object. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition represents the state of the resources associated with the Prometheus or Alertmanager resource. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime is the time of the last update to the current status property. + +| `message` +| `string` +| Human-readable message indicating details for the condition's last transition. + +| `observedGeneration` +| `integer` +| ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if `.metadata.generation` is currently 12, but the `.status.conditions[].observedGeneration` is 9, the condition is out of date with respect to the current state of the instance. + +| `reason` +| `string` +| Reason for the condition's last transition. + +| `status` +| `string` +| Status of the condition. + +| `type` +| `string` +| Type of the condition being reported. |=== @@ -10213,6 +10616,10 @@ The following API endpoints are available: - `GET`: read the specified Alertmanager - `PATCH`: partially update the specified Alertmanager - `PUT`: replace the specified Alertmanager +* `/apis/monitoring.coreos.com/v1/namespaces/{namespace}/alertmanagers/{name}/status` +- `GET`: read status of the specified Alertmanager +- `PATCH`: partially update status of the specified Alertmanager +- `PUT`: replace status of the specified Alertmanager === /apis/monitoring.coreos.com/v1/alertmanagers @@ -10647,3 +11054,140 @@ Description:: |=== +=== /apis/monitoring.coreos.com/v1/namespaces/{namespace}/alertmanagers/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the Alertmanager +| `namespace` +| `string` +| object name and auth scope, such as for teams and projects +|=== + +.Global query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `pretty` +| `string` +| If 'true', then the output is pretty printed. +|=== + +HTTP method:: + `GET` + +Description:: + read status of the specified Alertmanager + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc#alertmanager-monitoring-coreos-com-v1[`Alertmanager`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified Alertmanager + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc#alertmanager-monitoring-coreos-com-v1[`Alertmanager`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified Alertmanager + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc#alertmanager-monitoring-coreos-com-v1[`Alertmanager`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc#alertmanager-monitoring-coreos-com-v1[`Alertmanager`] schema +| 201 - Created +| xref:../monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc#alertmanager-monitoring-coreos-com-v1[`Alertmanager`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc b/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc index 5c400b7888..e968618a0f 100644 --- a/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc +++ b/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc @@ -63,7 +63,7 @@ Type:: | `inhibitRules` | `array` -| List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace. +| List of inhibition rules. The rules will only apply to alerts matching the resource's namespace. | `inhibitRules[]` | `object` @@ -79,7 +79,7 @@ Type:: | `route` | `object` -| The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. +| The Alertmanager route definition for alerts matching the resource's namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. | `timeIntervals` | `array` @@ -94,7 +94,7 @@ Type:: Description:: + -- -List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace. +List of inhibition rules. The rules will only apply to alerts matching the resource's namespace. -- Type:: @@ -126,7 +126,7 @@ Type:: | `sourceMatch` | `array` -| Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource’s namespace. +| Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource's namespace. | `sourceMatch[]` | `object` @@ -134,7 +134,7 @@ Type:: | `targetMatch` | `array` -| Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource’s namespace. +| Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource's namespace. | `targetMatch[]` | `object` @@ -145,7 +145,7 @@ Type:: Description:: + -- -Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource’s namespace. +Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource's namespace. -- Type:: @@ -190,7 +190,7 @@ Required:: Description:: + -- -Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource’s namespace. +Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource's namespace. -- Type:: @@ -558,11 +558,11 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` @@ -581,7 +581,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -671,7 +671,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -1361,11 +1361,11 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` @@ -1384,7 +1384,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -1474,7 +1474,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -2192,11 +2192,11 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` @@ -2215,7 +2215,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -2305,7 +2305,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -2631,7 +2631,7 @@ Type:: | `token` | `object` -| The secret's key that contains the registered application’s API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the registered application's API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. | `url` | `string` @@ -2643,7 +2643,7 @@ Type:: | `userKey` | `object` -| The secret's key that contains the recipient user’s user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the recipient user's user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. |=== === .spec.receivers[].pushoverConfigs[].httpConfig @@ -3052,11 +3052,11 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` @@ -3075,7 +3075,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -3165,7 +3165,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -3287,7 +3287,7 @@ Required:: Description:: + -- -The secret's key that contains the registered application’s API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the registered application's API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. -- Type:: @@ -3316,7 +3316,7 @@ Required:: Description:: + -- -The secret's key that contains the recipient user’s user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the recipient user's user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. -- Type:: @@ -4047,11 +4047,11 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` @@ -4070,7 +4070,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -4160,7 +4160,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -4755,11 +4755,11 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` @@ -4778,7 +4778,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -4868,7 +4868,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -5586,11 +5586,11 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` @@ -5609,7 +5609,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -5699,7 +5699,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -6369,11 +6369,11 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` @@ -6392,7 +6392,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -6482,7 +6482,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -7057,11 +7057,11 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` @@ -7080,7 +7080,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -7170,7 +7170,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -7827,11 +7827,11 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` @@ -7850,7 +7850,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -7940,7 +7940,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -8062,7 +8062,7 @@ Required:: Description:: + -- -The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. +The Alertmanager route definition for alerts matching the resource's namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. -- Type:: @@ -8075,6 +8075,10 @@ Type:: |=== | Property | Type | Description +| `activeTimeIntervals` +| `array (string)` +| ActiveTimeIntervals is a list of TimeInterval names when this route should be active. + | `continue` | `boolean` | Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator. @@ -8093,7 +8097,7 @@ Type:: | `matchers` | `array` -| List of matchers that the alert’s labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher. +| List of matchers that the alert's labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher. | `matchers[]` | `object` @@ -8101,7 +8105,7 @@ Type:: | `muteTimeIntervals` | `array (string)` -| Note: this comment applies to the field definition above but appears below otherwise it gets included in the generated manifest. CRD schema doesn't support self-referential types for now (see https://github.com/kubernetes/kubernetes/issues/62872). We have to use an alternative type to circumvent the limitation. The downside is that the Kube API can't validate the data beyond the fact that it is a valid JSON representation. MuteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched, +| Note: this comment applies to the field definition above but appears below otherwise it gets included in the generated manifest. CRD schema doesn't support self-referential types for now (see https://github.com/kubernetes/kubernetes/issues/62872). We have to use an alternative type to circumvent the limitation. The downside is that the Kube API can't validate the data beyond the fact that it is a valid JSON representation. MuteTimeIntervals is a list of TimeInterval names that will mute this route when matched. | `receiver` | `string` @@ -8120,7 +8124,7 @@ Type:: Description:: + -- -List of matchers that the alert’s labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher. +List of matchers that the alert's labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher. -- Type:: diff --git a/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc index f8eba7ab55..01751618ff 100644 --- a/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc @@ -66,7 +66,7 @@ Required:: | `attachMetadata` | `object` -| Attaches node metadata to discovered targets. Only valid for role: pod. Only valid in Prometheus versions 2.35.0 and newer. +| Attaches node metadata to discovered targets. Requires Prometheus v2.35.0 and above. | `jobLabel` | `string` @@ -117,7 +117,7 @@ Required:: Description:: + -- -Attaches node metadata to discovered targets. Only valid for role: pod. Only valid in Prometheus versions 2.35.0 and newer. +Attaches node metadata to discovered targets. Requires Prometheus v2.35.0 and above. -- Type:: @@ -207,6 +207,10 @@ Type:: | `boolean` | Whether to enable HTTP2. +| `filterRunning` +| `boolean` +| Drop pods that are not running. (Failed, Succeeded). Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase + | `followRedirects` | `boolean` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. @@ -774,11 +778,11 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` @@ -797,7 +801,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -887,7 +891,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: diff --git a/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc index a5261aa27d..45bbeb9872 100644 --- a/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc @@ -906,11 +906,11 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `insecureSkipVerify` | `boolean` @@ -929,7 +929,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -1019,7 +1019,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: diff --git a/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc index 27ac5c6df8..502897d32a 100644 --- a/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc @@ -111,7 +111,7 @@ Type:: | `configMaps` | `array (string)` -| ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. +| ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the 'prometheus' container. | `containers` | `array` @@ -199,6 +199,10 @@ Type:: | `object` | HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. +| `hostNetwork` +| `boolean` +| Use the host's network namespace if true. Make sure to understand the security implications if you want to enable it. When hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet automatically. + | `ignoreNamespaceSelectors` | `boolean` | IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from all PodMonitor, ServiceMonitor and Probe objects. They will only discover endpoints within the namespace of the PodMonitor, ServiceMonitor and Probe objects. Defaults to false. @@ -207,6 +211,10 @@ Type:: | `string` | Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Prometheus is being configured. +| `imagePullPolicy` +| `string` +| Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. + | `imagePullSecrets` | `array` | An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod @@ -237,7 +245,7 @@ Type:: | `minReadySeconds` | `integer` -| Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate. +| Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. | `nodeSelector` | `object (string)` @@ -265,7 +273,12 @@ Type:: | `podMonitorSelector` | `object` -| *Experimental* PodMonitors to be selected for target discovery. *Deprecated:* if neither this nor serviceMonitorSelector are specified, configuration is unmanaged. +| *Experimental* PodMonitors to be selected for target discovery. + If `spec.serviceMonitorSelector`, `spec.podMonitorSelector` and `spec.probeSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead. + +| `podTargetLabels` +| `array (string)` +| PodTargetLabels are added to all Pod/ServiceMonitors' podTargetLabels | `portName` | `string` @@ -281,7 +294,8 @@ Type:: | `probeSelector` | `object` -| *Experimental* Probes to be selected for target discovery. +| *Experimental* Probes to be selected for target discovery. + If `spec.serviceMonitorSelector`, `spec.podMonitorSelector` and `spec.probeSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead. | `prometheusExternalLabelName` | `string` @@ -365,7 +379,7 @@ Type:: | `secrets` | `array (string)` -| Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The Secrets are mounted into /etc/prometheus/secrets/. +| Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each Secret is added to the StatefulSet definition as a volume named `secret-`. The Secrets are mounted into /etc/prometheus/secrets/ in the 'prometheus' container. | `securityContext` | `object` @@ -381,7 +395,8 @@ Type:: | `serviceMonitorSelector` | `object` -| ServiceMonitors to be selected for target discovery. *Deprecated:* if neither this nor podMonitorSelector are specified, configuration is unmanaged. +| ServiceMonitors to be selected for target discovery. + If `spec.serviceMonitorSelector`, `spec.podMonitorSelector` and `spec.probeSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead. | `sha` | `string` @@ -421,6 +436,10 @@ Type:: | `object` | TopologySpreadConstraint specifies how to spread matching pods among the given topology. +| `tsdb` +| `object` +| Defines the runtime reloadable configuration of the timeseries database (TSDB). + | `version` | `string` | Version of Prometheus to be deployed. @@ -1982,10 +2001,18 @@ Required:: | `object` | Authorization section for this alertmanager endpoint +| `basicAuth` +| `object` +| BasicAuth allow an endpoint to authenticate over basic authentication + | `bearerTokenFile` | `string` | BearerTokenFile to read from filesystem to use when authenticating to Alertmanager. +| `enableHttp2` +| `boolean` +| Whether to enable HTTP2. + | `name` | `string` | Name of Endpoints object in Namespace. @@ -2056,6 +2083,96 @@ Required:: +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key of the secret to select from. Must be a valid secret key. + +| `name` +| `string` +| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + +| `optional` +| `boolean` +| Specify whether the Secret or its key must be defined + +|=== +=== .spec.alerting.alertmanagers[].basicAuth +Description:: ++ +-- +BasicAuth allow an endpoint to authenticate over basic authentication +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `password` +| `object` +| The secret in the service monitor namespace that contains the password for authentication. + +| `username` +| `object` +| The secret in the service monitor namespace that contains the username for authentication. + +|=== +=== .spec.alerting.alertmanagers[].basicAuth.password +Description:: ++ +-- +The secret in the service monitor namespace that contains the password for authentication. +-- + +Type:: + `object` + +Required:: + - `key` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| The key of the secret to select from. Must be a valid secret key. + +| `name` +| `string` +| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + +| `optional` +| `boolean` +| Specify whether the Secret or its key must be defined + +|=== +=== .spec.alerting.alertmanagers[].basicAuth.username +Description:: ++ +-- +The secret in the service monitor namespace that contains the username for authentication. +-- + +Type:: + `object` + +Required:: + - `key` + + + [cols="1,1,1",options="header"] |=== | Property | Type | Description @@ -2092,7 +2209,7 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `caFile` | `string` @@ -2100,7 +2217,7 @@ Type:: | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `certFile` | `string` @@ -2127,7 +2244,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -2217,7 +2334,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -2550,7 +2667,7 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `caFile` | `string` @@ -2558,7 +2675,7 @@ Type:: | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `certFile` | `string` @@ -2585,7 +2702,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -2675,7 +2792,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -4128,6 +4245,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -4136,6 +4263,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.containers[].resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.containers[].resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.containers[].securityContext Description:: @@ -6107,6 +6273,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -6115,6 +6291,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.initContainers[].resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.initContainers[].resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.initContainers[].securityContext Description:: @@ -6734,7 +6949,8 @@ Required:: Description:: + -- -*Experimental* PodMonitors to be selected for target discovery. *Deprecated:* if neither this nor serviceMonitorSelector are specified, configuration is unmanaged. +*Experimental* PodMonitors to be selected for target discovery. + If `spec.serviceMonitorSelector`, `spec.podMonitorSelector` and `spec.probeSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead. -- Type:: @@ -6886,7 +7102,8 @@ Required:: Description:: + -- -*Experimental* Probes to be selected for target discovery. +*Experimental* Probes to be selected for target discovery. + If `spec.serviceMonitorSelector`, `spec.podMonitorSelector` and `spec.probeSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead. -- Type:: @@ -7082,6 +7299,10 @@ Required:: | `string` | File to read bearer token for remote read. +| `filterExternalLabels` +| `boolean` +| Whether to use the external labels as selectors for the remote read endpoint. Requires Prometheus v2.34.0 and above. + | `headers` | `object (string)` | Custom HTTP headers to be sent along with each remote read request. Be aware that headers that are set by Prometheus itself can't be overwritten. Only valid in Prometheus versions 2.26.0 and newer. @@ -7454,7 +7675,7 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `caFile` | `string` @@ -7462,7 +7683,7 @@ Type:: | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `certFile` | `string` @@ -7489,7 +7710,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -7579,7 +7800,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -8315,7 +8536,7 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `caFile` | `string` @@ -8323,7 +8544,7 @@ Type:: | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `certFile` | `string` @@ -8350,7 +8571,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -8440,7 +8661,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -8634,6 +8855,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -8642,6 +8873,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.ruleNamespaceSelector Description:: @@ -8896,7 +9166,7 @@ Type:: | `supplementalGroups` | `array (integer)` -| A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows. +| A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. | `sysctls` | `array` @@ -9130,7 +9400,8 @@ Required:: Description:: + -- -ServiceMonitors to be selected for target discovery. *Deprecated:* if neither this nor podMonitorSelector are specified, configuration is unmanaged. +ServiceMonitors to be selected for target discovery. + If `spec.serviceMonitorSelector`, `spec.podMonitorSelector` and `spec.probeSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead. -- Type:: @@ -9225,22 +9496,22 @@ Type:: | `emptyDir` | `object` -| EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir +| EmptyDirVolumeSource to be used by the StatefulSet. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir | `ephemeral` | `object` -| EphemeralVolumeSource to be used by the Prometheus StatefulSets. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes +| EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes | `volumeClaimTemplate` | `object` -| A PVC spec to be used by the Prometheus StatefulSets. +| A PVC spec to be used by the StatefulSet. The easiest way to use a volume that cannot be automatically provisioned (for whatever reason) is to use a label selector alongside manually created PersistentVolumes. |=== === .spec.storage.emptyDir Description:: + -- -EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir +EmptyDirVolumeSource to be used by the StatefulSet. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir -- Type:: @@ -9266,7 +9537,7 @@ Type:: Description:: + -- -EphemeralVolumeSource to be used by the Prometheus StatefulSets. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes +EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes -- Type:: @@ -9354,11 +9625,11 @@ Type:: | `dataSource` | `object` -| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. | `dataSourceRef` | `object` -| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` @@ -9385,7 +9656,7 @@ Type:: Description:: + -- -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. -- Type:: @@ -9418,7 +9689,7 @@ Required:: Description:: + -- -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -9446,6 +9717,10 @@ Required:: | `string` | Name is the name of resource being referenced +| `namespace` +| `string` +| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + |=== === .spec.storage.ephemeral.volumeClaimTemplate.spec.resources Description:: @@ -9464,6 +9739,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -9472,6 +9757,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.storage.ephemeral.volumeClaimTemplate.spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.storage.ephemeral.volumeClaimTemplate.spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.storage.ephemeral.volumeClaimTemplate.spec.selector Description:: @@ -9553,7 +9877,7 @@ Required:: Description:: + -- -A PVC spec to be used by the Prometheus StatefulSets. +A PVC spec to be used by the StatefulSet. The easiest way to use a volume that cannot be automatically provisioned (for whatever reason) is to use a label selector alongside manually created PersistentVolumes. -- Type:: @@ -9640,11 +9964,11 @@ Type:: | `dataSource` | `object` -| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. | `dataSourceRef` | `object` -| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` @@ -9671,7 +9995,7 @@ Type:: Description:: + -- -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. -- Type:: @@ -9704,7 +10028,7 @@ Required:: Description:: + -- -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -9732,6 +10056,10 @@ Required:: | `string` | Name is the name of resource being referenced +| `namespace` +| `string` +| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + |=== === .spec.storage.volumeClaimTemplate.spec.resources Description:: @@ -9750,6 +10078,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -9758,6 +10096,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.storage.volumeClaimTemplate.spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.storage.volumeClaimTemplate.spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.storage.volumeClaimTemplate.spec.selector Description:: @@ -9970,9 +10347,17 @@ Type:: | `string` | Thanos base image if other than default. Deprecated: use 'image' instead +| `grpcListenLocal` +| `boolean` +| If true, the Thanos sidecar listens on the loopback interface for the gRPC endpoints. It has no effect if `listenLocal` is true. + | `grpcServerTlsConfig` | `object` -| GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args. +| GRPCServerTLSConfig configures the TLS parameters for the gRPC server providing the StoreAPI. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args. + +| `httpListenLocal` +| `boolean` +| If true, the Thanos sidecar listens on the loopback interface for the HTTP endpoints. It has no effect if `listenLocal` is true. | `image` | `string` @@ -9980,7 +10365,7 @@ Type:: | `listenLocal` | `boolean` -| ListenLocal makes the Thanos sidecar listen on loopback, so that it does not bind against the Pod IP. +| If true, the Thanos sidecar listens on the loopback interface for the HTTP and gRPC endpoints. It takes precedence over `grpcListenLocal` and `httpListenLocal`. Deprecated: use `grpcListenLocal` and `httpListenLocal` instead. | `logFormat` | `string` @@ -10084,7 +10469,7 @@ Required:: Description:: + -- -GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args. +GRPCServerTLSConfig configures the TLS parameters for the gRPC server providing the StoreAPI. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args. -- Type:: @@ -10099,7 +10484,7 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `caFile` | `string` @@ -10107,7 +10492,7 @@ Type:: | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `certFile` | `string` @@ -10134,7 +10519,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -10224,7 +10609,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -10391,6 +10776,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -10399,6 +10794,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.thanos.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.thanos.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.thanos.tracingConfig Description:: @@ -10596,12 +11030,12 @@ Required:: | `nodeAffinityPolicy` | `string` | NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `nodeTaintsPolicy` | `string` | NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `topologyKey` | `string` @@ -10687,6 +11121,28 @@ Required:: | `array (string)` | values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +|=== +=== .spec.tsdb +Description:: ++ +-- +Defines the runtime reloadable configuration of the timeseries database (TSDB). +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `outOfOrderTimeWindow` +| `string` +| Configures how old an out-of-order/out-of-bounds sample can be w.r.t. the TSDB max time. An out-of-order/out-of-bounds sample is ingested into the TSDB as long as the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). Out of order ingestion is an experimental feature and requires Prometheus >= v2.39.0. + |=== === .spec.volumeMounts Description:: @@ -11548,11 +12004,11 @@ Type:: | `dataSource` | `object` -| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. | `dataSourceRef` | `object` -| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` @@ -11579,7 +12035,7 @@ Type:: Description:: + -- -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. -- Type:: @@ -11612,7 +12068,7 @@ Required:: Description:: + -- -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -11640,6 +12096,10 @@ Required:: | `string` | Name is the name of resource being referenced +| `namespace` +| `string` +| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + |=== === .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources Description:: @@ -11658,6 +12118,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -11666,6 +12136,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.volumes[].ephemeral.volumeClaimTemplate.spec.selector Description:: @@ -13016,6 +13525,10 @@ Type:: | `object` | Defines HTTP parameters for web server. +| `maxConnections` +| `integer` +| Defines the maximum number of simultaneous connections A zero value means that Prometheus doesn't accept any incoming connection. + | `pageTitle` | `string` | The prometheus web page title @@ -13391,7 +13904,7 @@ Required:: | `conditions[]` | `object` -| PrometheusCondition represents the state of the resources associated with the Prometheus resource. +| Condition represents the state of the resources associated with the Prometheus or Alertmanager resource. | `paused` | `boolean` @@ -13435,7 +13948,7 @@ Type:: Description:: + -- -PrometheusCondition represents the state of the resources associated with the Prometheus resource. +Condition represents the state of the resources associated with the Prometheus or Alertmanager resource. -- Type:: @@ -13460,13 +13973,17 @@ Required:: | `string` | Human-readable message indicating details for the condition's last transition. +| `observedGeneration` +| `integer` +| ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if `.metadata.generation` is currently 12, but the `.status.conditions[].observedGeneration` is 9, the condition is out of date with respect to the current state of the instance. + | `reason` | `string` | Reason for the condition's last transition. | `status` | `string` -| status of the condition. +| Status of the condition. | `type` | `string` diff --git a/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc index cb5e7b8b4a..14398811a9 100644 --- a/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc @@ -67,7 +67,7 @@ Type:: | `groups[]` | `object` -| RuleGroup is a list of sequentially evaluated recording and alerting rules. Note: PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances. Valid values for this field are 'warn' or 'abort'. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response +| RuleGroup is a list of sequentially evaluated recording and alerting rules. |=== === .spec.groups @@ -87,7 +87,7 @@ Type:: Description:: + -- -RuleGroup is a list of sequentially evaluated recording and alerting rules. Note: PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances. Valid values for this field are 'warn' or 'abort'. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response +RuleGroup is a list of sequentially evaluated recording and alerting rules. -- Type:: @@ -105,19 +105,19 @@ Required:: | `interval` | `string` -| +| Interval determines how often rules in the group are evaluated. | `name` | `string` -| +| Name of the rule group. | `partial_response_strategy` | `string` -| +| PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response | `rules` | `array` -| +| List of alerting and recording rules. | `rules[]` | `object` @@ -128,7 +128,7 @@ Required:: Description:: + -- - +List of alerting and recording rules. -- Type:: @@ -158,27 +158,27 @@ Required:: | `alert` | `string` -| +| Name of the alert. Must be a valid label value. Only one of `record` and `alert` must be set. | `annotations` | `object (string)` -| +| Annotations to add to each alert. Only valid for alerting rules. | `expr` | `integer-or-string` -| +| PromQL expression to evaluate. | `for` | `string` -| +| Alerts are considered firing once they have been returned for this long. | `labels` | `object (string)` -| +| Labels to add or overwrite. | `record` | `string` -| +| Name of the time series to output to. Must be a valid metric name. Only one of `record` and `alert` must be set. |=== diff --git a/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc index 8b3aa5a2c5..1b93d0b7e3 100644 --- a/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc @@ -64,6 +64,10 @@ Required:: |=== | Property | Type | Description +| `attachMetadata` +| `object` +| Attaches node metadata to discovered targets. Requires Prometheus v2.37.0 and above. + | `endpoints` | `array` | A list of endpoints allowed as part of this ServiceMonitor. @@ -114,6 +118,28 @@ Required:: | `integer` | TargetLimit defines a limit on the number of scraped targets that will be accepted. +|=== +=== .spec.attachMetadata +Description:: ++ +-- +Attaches node metadata to discovered targets. Requires Prometheus v2.37.0 and above. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `node` +| `boolean` +| When set to true, Prometheus must have permissions to get Nodes. + |=== === .spec.endpoints Description:: @@ -165,6 +191,10 @@ Type:: | `boolean` | Whether to enable HTTP2. +| `filterRunning` +| `boolean` +| Drop pods that are not running. (Failed, Succeeded). Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase + | `followRedirects` | `boolean` | FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. @@ -732,7 +762,7 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `caFile` | `string` @@ -740,7 +770,7 @@ Type:: | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `certFile` | `string` @@ -767,7 +797,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -857,7 +887,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: diff --git a/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc index 48dc47da90..1800f7673d 100644 --- a/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc @@ -65,6 +65,14 @@ Type:: |=== | Property | Type | Description +| `additionalArgs` +| `array` +| AdditionalArgs allows setting additional arguments for the ThanosRuler container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the ThanosRuler container which may cause issues if they are invalid or not supported by the given ThanosRuler version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument the reconciliation will fail and an error will be logged. + +| `additionalArgs[]` +| `object` +| Argument as part of the AdditionalArgs list. + | `affinity` | `object` | If specified, the pod's scheduling constraints. @@ -137,6 +145,10 @@ Type:: | `string` | Thanos container image URL. +| `imagePullPolicy` +| `string` +| Image pull policy for the 'thanos', 'init-config-reloader' and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. + | `imagePullSecrets` | `array` | An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod @@ -171,7 +183,7 @@ Type:: | `minReadySeconds` | `integer` -| Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate. +| Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. | `nodeSelector` | `object (string)` @@ -277,6 +289,10 @@ Type:: | `string` | TracingConfig specifies the path of the tracing configuration file. When used alongside with TracingConfig, TracingConfigFile takes precedence. +| `version` +| `string` +| Version of Thanos to be deployed. + | `volumes` | `array` | Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. @@ -285,6 +301,47 @@ Type:: | `object` | Volume represents a named volume in a pod that may be accessed by any container in the pod. +|=== +=== .spec.additionalArgs +Description:: ++ +-- +AdditionalArgs allows setting additional arguments for the ThanosRuler container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the ThanosRuler container which may cause issues if they are invalid or not supported by the given ThanosRuler version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument the reconciliation will fail and an error will be logged. +-- + +Type:: + `array` + + + + +=== .spec.additionalArgs[] +Description:: ++ +-- +Argument as part of the AdditionalArgs list. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name of the argument, e.g. "scrape.discovery-reload-interval". + +| `value` +| `string` +| Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile) + |=== === .spec.affinity Description:: @@ -2988,6 +3045,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -2996,6 +3063,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.containers[].resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.containers[].resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.containers[].securityContext Description:: @@ -3574,7 +3680,7 @@ Type:: | `ca` | `object` -| Struct containing the CA cert to use for the targets. +| Certificate authority used when verifying server certificates. | `caFile` | `string` @@ -3582,7 +3688,7 @@ Type:: | `cert` | `object` -| Struct containing the client cert file for the targets. +| Client certificate to present when doing client-authentication. | `certFile` | `string` @@ -3609,7 +3715,7 @@ Type:: Description:: + -- -Struct containing the CA cert to use for the targets. +Certificate authority used when verifying server certificates. -- Type:: @@ -3699,7 +3805,7 @@ Required:: Description:: + -- -Struct containing the client cert file for the targets. +Client certificate to present when doing client-authentication. -- Type:: @@ -5207,6 +5313,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -5215,6 +5331,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.initContainers[].resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.initContainers[].resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.initContainers[].securityContext Description:: @@ -5877,6 +6032,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -5885,6 +6050,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.ruleNamespaceSelector Description:: @@ -6087,7 +6291,7 @@ Type:: | `supplementalGroups` | `array (integer)` -| A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows. +| A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. | `sysctls` | `array` @@ -6264,22 +6468,22 @@ Type:: | `emptyDir` | `object` -| EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir +| EmptyDirVolumeSource to be used by the StatefulSet. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir | `ephemeral` | `object` -| EphemeralVolumeSource to be used by the Prometheus StatefulSets. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes +| EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes | `volumeClaimTemplate` | `object` -| A PVC spec to be used by the Prometheus StatefulSets. +| A PVC spec to be used by the StatefulSet. The easiest way to use a volume that cannot be automatically provisioned (for whatever reason) is to use a label selector alongside manually created PersistentVolumes. |=== === .spec.storage.emptyDir Description:: + -- -EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir +EmptyDirVolumeSource to be used by the StatefulSet. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir -- Type:: @@ -6305,7 +6509,7 @@ Type:: Description:: + -- -EphemeralVolumeSource to be used by the Prometheus StatefulSets. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes +EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes -- Type:: @@ -6393,11 +6597,11 @@ Type:: | `dataSource` | `object` -| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. | `dataSourceRef` | `object` -| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` @@ -6424,7 +6628,7 @@ Type:: Description:: + -- -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. -- Type:: @@ -6457,7 +6661,7 @@ Required:: Description:: + -- -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -6485,6 +6689,10 @@ Required:: | `string` | Name is the name of resource being referenced +| `namespace` +| `string` +| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + |=== === .spec.storage.ephemeral.volumeClaimTemplate.spec.resources Description:: @@ -6503,6 +6711,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -6511,6 +6729,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.storage.ephemeral.volumeClaimTemplate.spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.storage.ephemeral.volumeClaimTemplate.spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.storage.ephemeral.volumeClaimTemplate.spec.selector Description:: @@ -6592,7 +6849,7 @@ Required:: Description:: + -- -A PVC spec to be used by the Prometheus StatefulSets. +A PVC spec to be used by the StatefulSet. The easiest way to use a volume that cannot be automatically provisioned (for whatever reason) is to use a label selector alongside manually created PersistentVolumes. -- Type:: @@ -6679,11 +6936,11 @@ Type:: | `dataSource` | `object` -| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. | `dataSourceRef` | `object` -| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` @@ -6710,7 +6967,7 @@ Type:: Description:: + -- -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. -- Type:: @@ -6743,7 +7000,7 @@ Required:: Description:: + -- -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -6771,6 +7028,10 @@ Required:: | `string` | Name is the name of resource being referenced +| `namespace` +| `string` +| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + |=== === .spec.storage.volumeClaimTemplate.spec.resources Description:: @@ -6789,6 +7050,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -6797,6 +7068,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.storage.volumeClaimTemplate.spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.storage.volumeClaimTemplate.spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.storage.volumeClaimTemplate.spec.selector Description:: @@ -7084,12 +7394,12 @@ Required:: | `nodeAffinityPolicy` | `string` | NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `nodeTaintsPolicy` | `string` | NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `topologyKey` | `string` @@ -8010,11 +8320,11 @@ Type:: | `dataSource` | `object` -| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. | `dataSourceRef` | `object` -| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` @@ -8041,7 +8351,7 @@ Type:: Description:: + -- -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. -- Type:: @@ -8074,7 +8384,7 @@ Required:: Description:: + -- -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -8102,6 +8412,10 @@ Required:: | `string` | Name is the name of resource being referenced +| `namespace` +| `string` +| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + |=== === .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources Description:: @@ -8120,6 +8434,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -8128,6 +8452,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.volumes[].ephemeral.volumeClaimTemplate.spec.selector Description:: diff --git a/rest_api/network_apis/endpointslice-discovery-k8s-io-v1.adoc b/rest_api/network_apis/endpointslice-discovery-k8s-io-v1.adoc index 9774dd7ca8..74c9a240c4 100644 --- a/rest_api/network_apis/endpointslice-discovery-k8s-io-v1.adoc +++ b/rest_api/network_apis/endpointslice-discovery-k8s-io-v1.adoc @@ -154,11 +154,11 @@ Type:: | `serving` | `boolean` -| serving is identical to ready except that it is set regardless of the terminating state of endpoints. This condition should be set to true for a ready endpoint that is terminating. If nil, consumers should defer to the ready condition. This field can be enabled with the EndpointSliceTerminatingCondition feature gate. +| serving is identical to ready except that it is set regardless of the terminating state of endpoints. This condition should be set to true for a ready endpoint that is terminating. If nil, consumers should defer to the ready condition. | `terminating` | `boolean` -| terminating indicates that this endpoint is terminating. A nil value indicates an unknown state. Consumers should interpret this unknown state to mean that the endpoint is not terminating. This field can be enabled with the EndpointSliceTerminatingCondition feature gate. +| terminating indicates that this endpoint is terminating. A nil value indicates an unknown state. Consumers should interpret this unknown state to mean that the endpoint is not terminating. |=== === .endpoints[].hints diff --git a/rest_api/network_apis/ingress-networking-k8s-io-v1.adoc b/rest_api/network_apis/ingress-networking-k8s-io-v1.adoc index a33dc5a2ef..6c31c44a7c 100644 --- a/rest_api/network_apis/ingress-networking-k8s-io-v1.adoc +++ b/rest_api/network_apis/ingress-networking-k8s-io-v1.adoc @@ -435,8 +435,135 @@ Type:: | Property | Type | Description | `loadBalancer` -| xref:../objects/index.adoc#io.k8s.api.core.v1.LoadBalancerStatus[`LoadBalancerStatus`] -| LoadBalancer contains the current status of the load-balancer. +| `object` +| IngressLoadBalancerStatus represents the status of a load-balancer. + +|=== +=== .status.loadBalancer +Description:: ++ +-- +IngressLoadBalancerStatus represents the status of a load-balancer. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `ingress` +| `array` +| Ingress is a list containing ingress points for the load-balancer. + +| `ingress[]` +| `object` +| IngressLoadBalancerIngress represents the status of a load-balancer ingress point. + +|=== +=== .status.loadBalancer.ingress +Description:: ++ +-- +Ingress is a list containing ingress points for the load-balancer. +-- + +Type:: + `array` + + + + +=== .status.loadBalancer.ingress[] +Description:: ++ +-- +IngressLoadBalancerIngress represents the status of a load-balancer ingress point. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `hostname` +| `string` +| Hostname is set for load-balancer ingress points that are DNS based. + +| `ip` +| `string` +| IP is set for load-balancer ingress points that are IP based. + +| `ports` +| `array` +| Ports provides information about the ports exposed by this LoadBalancer. + +| `ports[]` +| `object` +| IngressPortStatus represents the error condition of a service port + +|=== +=== .status.loadBalancer.ingress[].ports +Description:: ++ +-- +Ports provides information about the ports exposed by this LoadBalancer. +-- + +Type:: + `array` + + + + +=== .status.loadBalancer.ingress[].ports[] +Description:: ++ +-- +IngressPortStatus represents the error condition of a service port +-- + +Type:: + `object` + +Required:: + - `port` + - `protocol` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `error` +| `string` +| Error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use + CamelCase names +- cloud provider specific error values must have names that comply with the + format foo.example.com/CamelCase. + +| `port` +| `integer` +| Port is the port number of the ingress port. + +| `protocol` +| `string` +| Protocol is the protocol of the ingress port. The supported values are: "TCP", "UDP", "SCTP" + +Possible enum values: + - `"SCTP"` is the SCTP protocol. + - `"TCP"` is the TCP protocol. + - `"UDP"` is the UDP protocol. |=== diff --git a/rest_api/network_apis/networkpolicy-networking-k8s-io-v1.adoc b/rest_api/network_apis/networkpolicy-networking-k8s-io-v1.adoc index fb367bbcc5..6e73b68ece 100644 --- a/rest_api/network_apis/networkpolicy-networking-k8s-io-v1.adoc +++ b/rest_api/network_apis/networkpolicy-networking-k8s-io-v1.adoc @@ -212,7 +212,7 @@ Type:: | `ipBlock` | `object` -| IPBlock describes a particular CIDR (Ex. "192.168.1.1/24","2001:db9::/64") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule. +| IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule. | `namespaceSelector` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`] @@ -231,7 +231,7 @@ If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects Description:: + -- -IPBlock describes a particular CIDR (Ex. "192.168.1.1/24","2001:db9::/64") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule. +IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule. -- Type:: @@ -248,11 +248,11 @@ Required:: | `cidr` | `string` -| CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64" +| CIDR is a string representing the IP Block Valid examples are "192.168.1.0/24" or "2001:db8::/64" | `except` | `array (string)` -| Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64" Except values will be rejected if they are outside the CIDR range +| Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.0/24" or "2001:db8::/64" Except values will be rejected if they are outside the CIDR range |=== === .spec.ingress @@ -334,7 +334,7 @@ Type:: | `ipBlock` | `object` -| IPBlock describes a particular CIDR (Ex. "192.168.1.1/24","2001:db9::/64") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule. +| IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule. | `namespaceSelector` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`] @@ -353,7 +353,7 @@ If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects Description:: + -- -IPBlock describes a particular CIDR (Ex. "192.168.1.1/24","2001:db9::/64") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule. +IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule. -- Type:: @@ -370,11 +370,11 @@ Required:: | `cidr` | `string` -| CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64" +| CIDR is a string representing the IP Block Valid examples are "192.168.1.0/24" or "2001:db8::/64" | `except` | `array (string)` -| Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64" Except values will be rejected if they are outside the CIDR range +| Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.0/24" or "2001:db8::/64" Except values will be rejected if they are outside the CIDR range |=== === .spec.ingress[].ports diff --git a/rest_api/network_apis/overlappingrangeipreservation-whereabouts-cni-cncf-io-v1alpha1.adoc b/rest_api/network_apis/overlappingrangeipreservation-whereabouts-cni-cncf-io-v1alpha1.adoc index 8827afcd68..aa9aa72b4e 100644 --- a/rest_api/network_apis/overlappingrangeipreservation-whereabouts-cni-cncf-io-v1alpha1.adoc +++ b/rest_api/network_apis/overlappingrangeipreservation-whereabouts-cni-cncf-io-v1alpha1.adoc @@ -67,6 +67,10 @@ Required:: | `string` | +| `podref` +| `string` +| + |=== == API endpoints diff --git a/rest_api/network_apis/route-route-openshift-io-v1.adoc b/rest_api/network_apis/route-route-openshift-io-v1.adoc index ea360484df..743258f309 100644 --- a/rest_api/network_apis/route-route-openshift-io-v1.adoc +++ b/rest_api/network_apis/route-route-openshift-io-v1.adoc @@ -46,7 +46,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `spec` @@ -733,6 +733,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -935,6 +938,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -978,6 +984,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -1135,6 +1144,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -1178,6 +1190,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/node_apis/node-v1.adoc b/rest_api/node_apis/node-v1.adoc index 2071c30a9d..ec01a41179 100644 --- a/rest_api/node_apis/node-v1.adoc +++ b/rest_api/node_apis/node-v1.adoc @@ -234,7 +234,7 @@ Type:: | `addresses` | `array` -| List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See http://pr.k8s.io/79391 for an example. +| List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example. | `addresses[]` | `object` @@ -302,7 +302,7 @@ Possible enum values: Description:: + -- -List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See http://pr.k8s.io/79391 for an example. +List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example. -- Type:: diff --git a/rest_api/oauth_apis/oauthaccesstoken-oauth-openshift-io-v1.adoc b/rest_api/oauth_apis/oauthaccesstoken-oauth-openshift-io-v1.adoc index 381b5f9616..ee57a56415 100644 --- a/rest_api/oauth_apis/oauthaccesstoken-oauth-openshift-io-v1.adoc +++ b/rest_api/oauth_apis/oauthaccesstoken-oauth-openshift-io-v1.adoc @@ -54,7 +54,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v3[`ObjectMeta_v3`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | | `redirectURI` diff --git a/rest_api/oauth_apis/oauthauthorizetoken-oauth-openshift-io-v1.adoc b/rest_api/oauth_apis/oauthauthorizetoken-oauth-openshift-io-v1.adoc index 95b975343a..289a8be50a 100644 --- a/rest_api/oauth_apis/oauthauthorizetoken-oauth-openshift-io-v1.adoc +++ b/rest_api/oauth_apis/oauthauthorizetoken-oauth-openshift-io-v1.adoc @@ -52,7 +52,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v3[`ObjectMeta_v3`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | | `redirectURI` diff --git a/rest_api/oauth_apis/oauthclient-oauth-openshift-io-v1.adoc b/rest_api/oauth_apis/oauthclient-oauth-openshift-io-v1.adoc index 4ac101bb37..77cef78531 100644 --- a/rest_api/oauth_apis/oauthclient-oauth-openshift-io-v1.adoc +++ b/rest_api/oauth_apis/oauthclient-oauth-openshift-io-v1.adoc @@ -56,7 +56,7 @@ WARNING: existing tokens' timeout will not be affected (lowered) by changing thi | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v3[`ObjectMeta_v3`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | | `redirectURIs` diff --git a/rest_api/oauth_apis/oauthclientauthorization-oauth-openshift-io-v1.adoc b/rest_api/oauth_apis/oauthclientauthorization-oauth-openshift-io-v1.adoc index 3a021f589a..81e8b9716f 100644 --- a/rest_api/oauth_apis/oauthclientauthorization-oauth-openshift-io-v1.adoc +++ b/rest_api/oauth_apis/oauthclientauthorization-oauth-openshift-io-v1.adoc @@ -40,7 +40,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v3[`ObjectMeta_v3`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | | `scopes` diff --git a/rest_api/oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc b/rest_api/oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc index 3d47e1267f..b6f2120e65 100644 --- a/rest_api/oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc +++ b/rest_api/oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc @@ -50,7 +50,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v3[`ObjectMeta_v3`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | | `redirectURI` diff --git a/rest_api/objects/index.adoc b/rest_api/objects/index.adoc index 14bfb8705a..4c97098059 100644 --- a/rest_api/objects/index.adoc +++ b/rest_api/objects/index.adoc @@ -701,8 +701,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -744,8 +744,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -787,8 +787,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -830,8 +830,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -873,8 +873,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -916,8 +916,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -959,8 +959,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -1002,8 +1002,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -1045,8 +1045,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -1088,8 +1088,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -1131,8 +1131,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -1175,7 +1175,7 @@ Required:: | `metadata` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] -| +| |=== @@ -1218,7 +1218,7 @@ Required:: | `metadata` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] -| +| |=== @@ -1261,7 +1261,7 @@ Required:: | `metadata` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] -| +| |=== @@ -1304,7 +1304,7 @@ Required:: | `metadata` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] -| +| |=== @@ -1339,7 +1339,7 @@ Required:: | `items` | xref:../oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc#useroauthaccesstoken-oauth-openshift-io-v1[`array (UserOAuthAccessToken)`] -| +| | `kind` | `string` @@ -1347,7 +1347,7 @@ Required:: | `metadata` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] -| +| |=== @@ -1389,8 +1389,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -1432,8 +1432,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -1475,8 +1475,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -1518,8 +1518,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -1561,8 +1561,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -1604,8 +1604,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -1647,8 +1647,8 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2[`ListMeta_v2`] -| +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| |=== @@ -1691,7 +1691,7 @@ Required:: | `metadata` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] -| +| |=== @@ -1734,7 +1734,7 @@ Required:: | `metadata` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] -| +| |=== @@ -1777,7 +1777,7 @@ Required:: | `metadata` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] -| +| |=== @@ -1819,11 +1819,11 @@ Type:: | `owned` | xref:../objects/index.adoc#com.github.operator-framework.api.pkg.operators.v1alpha1.APIServiceDescription[`array (APIServiceDescription)`] -| +| | `required` | xref:../objects/index.adoc#com.github.operator-framework.api.pkg.operators.v1alpha1.APIServiceDescription[`array (APIServiceDescription)`] -| +| |=== @@ -1852,11 +1852,11 @@ Type:: | `owned` | xref:../objects/index.adoc#com.github.operator-framework.api.pkg.operators.v1alpha1.CRDDescription[`array (CRDDescription)`] -| +| | `required` | xref:../objects/index.adoc#com.github.operator-framework.api.pkg.operators.v1alpha1.CRDDescription[`array (CRDDescription)`] -| +| |=== @@ -1886,11 +1886,11 @@ Required:: | `supported` | `boolean` -| +| | `type` | `string` -| +| |=== @@ -1923,7 +1923,7 @@ Required:: | `items` | xref:../operatorhub_apis/packagemanifest-packages-operators-coreos-com-v1.adoc#packagemanifest-packages-operators-coreos-com-v1[`array (PackageManifest)`] -| +| | `kind` | `string` @@ -1931,7 +1931,7 @@ Required:: | `metadata` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] -| +| |=== @@ -2505,7 +2505,7 @@ Required:: | `metadata` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] -| +| |=== @@ -2632,8 +2632,8 @@ Required:: |=== -[id="io.k8s.api.core.v1.ConfigMapVolumeSource_v2"] -== io.k8s.api.core.v1.ConfigMapVolumeSource_v2 schema +[id="io.k8s.api.core.v1.ConfigMapVolumeSource"] +== io.k8s.api.core.v1.ConfigMapVolumeSource schema Description:: @@ -2657,11 +2657,11 @@ Type:: | `defaultMode` | `integer` -| Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +| defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. | `items` -| xref:../objects/index.adoc#io.k8s.api.core.v1.KeyToPath_v2[`array (KeyToPath_v2)`] -| If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +| xref:../objects/index.adoc#io.k8s.api.core.v1.KeyToPath[`array (KeyToPath)`] +| items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. | `name` | `string` @@ -2669,12 +2669,12 @@ Type:: | `optional` | `boolean` -| Specify whether the ConfigMap or its keys must be defined +| optional specify whether the ConfigMap or its keys must be defined |=== -[id="io.k8s.api.core.v1.CSIVolumeSource_v2"] -== io.k8s.api.core.v1.CSIVolumeSource_v2 schema +[id="io.k8s.api.core.v1.CSIVolumeSource"] +== io.k8s.api.core.v1.CSIVolumeSource schema Description:: @@ -2698,23 +2698,23 @@ Required:: | `driver` | `string` -| Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. +| driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. | `fsType` | `string` -| Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. +| fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. | `nodePublishSecretRef` | xref:../objects/index.adoc#io.k8s.api.core.v1.LocalObjectReference[`LocalObjectReference`] -| NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +| nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. | `readOnly` | `boolean` -| Specifies a read-only configuration for the volume. Defaults to false (read/write). +| readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). | `volumeAttributes` | `object (string)` -| VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. +| volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. |=== @@ -2909,33 +2909,6 @@ Required:: |=== -[id="io.k8s.api.core.v1.LoadBalancerStatus"] -== io.k8s.api.core.v1.LoadBalancerStatus schema - - -Description:: -+ --- -LoadBalancerStatus represents the status of a load-balancer. --- - -Type:: - `object` - - -[discrete] -=== Schema - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `ingress` -| xref:../objects/index.adoc#io.k8s.api.core.v1.LoadBalancerIngress[`array (LoadBalancerIngress)`] -| Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. - -|=== - [id="io.k8s.api.core.v1.LocalObjectReference"] == io.k8s.api.core.v1.LocalObjectReference schema @@ -2963,8 +2936,8 @@ Type:: |=== -[id="io.k8s.api.core.v1.NamespaceCondition_v2"] -== io.k8s.api.core.v1.NamespaceCondition_v2 schema +[id="io.k8s.api.core.v1.NamespaceCondition"] +== io.k8s.api.core.v1.NamespaceCondition schema Description:: @@ -2989,15 +2962,15 @@ Required:: | `lastTransitionTime` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`] -| +| | `message` | `string` -| +| | `reason` | `string` -| +| | `status` | `string` @@ -3007,13 +2980,6 @@ Required:: | `string` | Type of namespace controller condition. -Possible enum values: - - `"NamespaceContentRemaining"` contains information about resources remaining in a namespace. - - `"NamespaceDeletionContentFailure"` contains information about namespace deleter errors during deletion of resources. - - `"NamespaceDeletionDiscoveryFailure"` contains information about namespace deleter errors during resource discovery. - - `"NamespaceDeletionGroupVersionParsingFailure"` contains information about namespace deleter errors parsing GV for legacy types. - - `"NamespaceFinalizersRemaining"` contains information about which finalizers are on resources remaining in a namespace. - |=== [id="io.k8s.api.core.v1.NamespaceList"] @@ -3217,7 +3183,14 @@ Type:: | `dataSourceRef` | `object` -| TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` @@ -3276,7 +3249,14 @@ Required:: Description:: + -- -TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -3303,6 +3283,10 @@ Required:: | `string` | Name is the name of resource being referenced +| `namespace` +| `string` +| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + |=== ..spec.resources Description:: @@ -3320,6 +3304,18 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -3328,6 +3324,44 @@ Type:: | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +..spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + +..spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== ..status Description:: @@ -3427,11 +3461,11 @@ Required:: | `status` | `string` -| +| | `type` | `string` -| +| |=== @@ -3504,7 +3538,7 @@ Required:: | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | `items` -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`array (PersistentVolume)`] +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`array (PersistentVolume)`] | items is a list of persistent volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes | `kind` @@ -3926,8 +3960,8 @@ Type:: |=== -[id="io.k8s.api.core.v1.ResourceRequirements"] -== io.k8s.api.core.v1.ResourceRequirements schema +[id="io.k8s.api.core.v1.ResourceRequirements_v2"] +== io.k8s.api.core.v1.ResourceRequirements_v2 schema Description:: @@ -4049,8 +4083,8 @@ Required:: |=== -[id="io.k8s.api.core.v1.SecretVolumeSource_v2"] -== io.k8s.api.core.v1.SecretVolumeSource_v2 schema +[id="io.k8s.api.core.v1.SecretVolumeSource"] +== io.k8s.api.core.v1.SecretVolumeSource schema Description:: @@ -4074,19 +4108,19 @@ Type:: | `defaultMode` | `integer` -| Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +| defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. | `items` -| xref:../objects/index.adoc#io.k8s.api.core.v1.KeyToPath_v2[`array (KeyToPath_v2)`] -| If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +| xref:../objects/index.adoc#io.k8s.api.core.v1.KeyToPath[`array (KeyToPath)`] +| items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. | `optional` | `boolean` -| Specify whether the Secret or its keys must be defined +| optional field specify whether the Secret or its keys must be defined | `secretName` | `string` -| Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +| secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret |=== @@ -4371,88 +4405,6 @@ Required:: |=== -[id="io.k8s.api.flowcontrol.v1beta1.FlowSchemaList"] -== io.k8s.api.flowcontrol.v1beta1.FlowSchemaList schema - - -Description:: -+ --- -FlowSchemaList is a list of FlowSchema objects. --- - -Type:: - `object` - -Required:: - - `items` - -[discrete] -=== Schema - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `apiVersion` -| `string` -| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - -| `items` -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`array (FlowSchema)`] -| `items` is a list of FlowSchemas. - -| `kind` -| `string` -| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - -| `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] -| `metadata` is the standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - -|=== - -[id="io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfigurationList"] -== io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfigurationList schema - - -Description:: -+ --- -PriorityLevelConfigurationList is a list of PriorityLevelConfiguration objects. --- - -Type:: - `object` - -Required:: - - `items` - -[discrete] -=== Schema - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `apiVersion` -| `string` -| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - -| `items` -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`array (PriorityLevelConfiguration)`] -| `items` is a list of request-priorities. - -| `kind` -| `string` -| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - -| `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] -| `metadata` is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - -|=== - [id="io.k8s.api.networking.v1.IngressClassList"] == io.k8s.api.networking.v1.IngressClassList schema @@ -5159,27 +5111,27 @@ Type:: | `$ref` | `string` -| +| | `$schema` | `string` -| +| | `additionalItems` | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool[``] -| +| | `additionalProperties` | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool[``] -| +| | `allOf` | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`array (undefined)`] -| +| | `anyOf` | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`array (undefined)`] -| +| | `default` | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON[`JSON`] @@ -5187,35 +5139,35 @@ Type:: | `definitions` | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`object (undefined)`] -| +| | `dependencies` | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrStringArray[`object (undefined)`] -| +| | `description` | `string` -| +| | `enum` | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON[`array (JSON)`] -| +| | `example` | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON[`JSON`] -| +| | `exclusiveMaximum` | `boolean` -| +| | `exclusiveMinimum` | `boolean` -| +| | `externalDocs` | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ExternalDocumentation[`ExternalDocumentation`] -| +| | `format` | `string` @@ -5225,87 +5177,87 @@ Type:: | `id` | `string` -| +| | `items` | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrArray[``] -| +| | `maxItems` | `integer` -| +| | `maxLength` | `integer` -| +| | `maxProperties` | `integer` -| +| | `maximum` | `number` -| +| | `minItems` | `integer` -| +| | `minLength` | `integer` -| +| | `minProperties` | `integer` -| +| | `minimum` | `number` -| +| | `multipleOf` | `number` -| +| | `not` | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[``] -| +| | `nullable` | `boolean` -| +| | `oneOf` | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`array (undefined)`] -| +| | `pattern` | `string` -| +| | `patternProperties` | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`object (undefined)`] -| +| | `properties` | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`object (undefined)`] -| +| | `required` | `array (string)` -| +| | `title` | `string` -| +| | `type` | `string` -| +| | `uniqueItems` | `boolean` -| +| | `x-kubernetes-embedded-resource` | `boolean` @@ -5381,14 +5333,19 @@ Quantity is a fixed-point representation of a number. It provides convenient mar The serialization format is: - ::= - (Note that may be empty, from the "" case in .) - ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= "+" | "-" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei - (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) - ::= m | "" | k | M | G | T | P | E - (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) - ::= "e" | "E" +``` ::= + (Note that may be empty, from the "" case in .) + + ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= "+" | "-" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei + + (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) + + ::= m | "" | k | M | G | T | P | E + + (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) + + ::= "e" | "E" ``` No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities. @@ -5547,15 +5504,15 @@ Required:: | `group` | `string` -| +| | `kind` | `string` -| +| | `version` | `string` -| +| |=== @@ -5590,8 +5547,8 @@ Type:: |=== -[id="io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2"] -== io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2 schema +[id="io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta"] +== io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta schema Description:: @@ -5625,9 +5582,7 @@ Type:: | `selfLink` | `string` -| selfLink is a URL representing this object. Populated by the system. Read-only. - -DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release. +| Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. |=== @@ -5747,109 +5702,6 @@ Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-gu == io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2 schema -Description:: -+ --- -ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. --- - -Type:: - `object` - - -[discrete] -=== Schema - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `annotations` -| `object (string)` -| Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations - -| `clusterName` -| `string` -| The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request. - -| `creationTimestamp` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`] -| CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - -Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - -| `deletionGracePeriodSeconds` -| `integer` -| Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. - -| `deletionTimestamp` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`] -| DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. - -Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - -| `finalizers` -| `array (string)` -| Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. - -| `generateName` -| `string` -| GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - -If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - -Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - -| `generation` -| `integer` -| A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. - -| `labels` -| `object (string)` -| Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels - -| `managedFields` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry_v2[`array (ManagedFieldsEntry_v2)`] -| ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. - -| `name` -| `string` -| Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names - -| `namespace` -| `string` -| Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - -Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - -| `ownerReferences` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference_v2[`array (OwnerReference_v2)`] -| List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. - -| `resourceVersion` -| `string` -| An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - -Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - -| `selfLink` -| `string` -| SelfLink is a URL representing this object. Populated by the system. Read-only. - -DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release. - -| `uid` -| `string` -| UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - -Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - -|=== - -[id="io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v3"] -== io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v3 schema - - Description:: + -- @@ -6068,7 +5920,7 @@ Required:: | `type` | `string` -| +| |=== @@ -6124,48 +5976,6 @@ Type:: -[id="io.k8s.apimachinery.pkg.runtime.RawExtension_v2"] -== io.k8s.apimachinery.pkg.runtime.RawExtension_v2 schema - - -Description:: -+ --- -RawExtension is used to hold extensions in external versions. - -To use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types. - -// Internal package: type MyAPIObject struct { - runtime.TypeMeta `json:",inline"` - MyPlugin runtime.Object `json:"myPlugin"` -} type PluginA struct { - AOption string `json:"aOption"` -} - -// External package: type MyAPIObject struct { - runtime.TypeMeta `json:",inline"` - MyPlugin runtime.RawExtension `json:"myPlugin"` -} type PluginA struct { - AOption string `json:"aOption"` -} - -// On the wire, the JSON will look something like this: { - "kind":"MyAPIObject", - "apiVersion":"v1", - "myPlugin": { - "kind":"PluginA", - "aOption":"foo", - }, -} - -So what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.) --- - -Type:: - `object` - - - [id="io.k8s.apimachinery.pkg.util.intstr.IntOrString"] == io.k8s.apimachinery.pkg.util.intstr.IntOrString schema @@ -7288,6 +7098,47 @@ Required:: |=== +[id="io.openshift.config.v1.ImageDigestMirrorSetList"] +== io.openshift.config.v1.ImageDigestMirrorSetList schema + + +Description:: ++ +-- +ImageDigestMirrorSetList is a list of ImageDigestMirrorSet +-- + +Type:: + `object` + +Required:: + - `items` + +[discrete] +=== Schema + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `items` +| xref:../config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc#imagedigestmirrorset-config-openshift-io-v1[`array (ImageDigestMirrorSet)`] +| List of imagedigestmirrorsets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +|=== + [id="io.openshift.config.v1.ImageList"] == io.openshift.config.v1.ImageList schema @@ -7329,6 +7180,47 @@ Required:: |=== +[id="io.openshift.config.v1.ImageTagMirrorSetList"] +== io.openshift.config.v1.ImageTagMirrorSetList schema + + +Description:: ++ +-- +ImageTagMirrorSetList is a list of ImageTagMirrorSet +-- + +Type:: + `object` + +Required:: + - `items` + +[discrete] +=== Schema + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `items` +| xref:../config_apis/imagetagmirrorset-config-openshift-io-v1.adoc#imagetagmirrorset-config-openshift-io-v1[`array (ImageTagMirrorSet)`] +| List of imagetagmirrorsets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +|=== + [id="io.openshift.config.v1.InfrastructureList"] == io.openshift.config.v1.InfrastructureList schema @@ -9789,6 +9681,88 @@ Required:: |=== +[id="io.x-k8s.cluster.infrastructure.v1beta1.Metal3RemediationList"] +== io.x-k8s.cluster.infrastructure.v1beta1.Metal3RemediationList schema + + +Description:: ++ +-- +Metal3RemediationList is a list of Metal3Remediation +-- + +Type:: + `object` + +Required:: + - `items` + +[discrete] +=== Schema + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `items` +| xref:../provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[`array (Metal3Remediation)`] +| List of metal3remediations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +|=== + +[id="io.x-k8s.cluster.infrastructure.v1beta1.Metal3RemediationTemplateList"] +== io.x-k8s.cluster.infrastructure.v1beta1.Metal3RemediationTemplateList schema + + +Description:: ++ +-- +Metal3RemediationTemplateList is a list of Metal3RemediationTemplate +-- + +Type:: + `object` + +Required:: + - `items` + +[discrete] +=== Schema + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `items` +| xref:../provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[`array (Metal3RemediationTemplate)`] +| List of metal3remediationtemplates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`] +| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +|=== + [id="org.ovn.k8s.v1.EgressFirewallList"] == org.ovn.k8s.v1.EgressFirewallList schema diff --git a/rest_api/operator_apis/config-imageregistry-operator-openshift-io-v1.adoc b/rest_api/operator_apis/config-imageregistry-operator-openshift-io-v1.adoc index 1b7155fcb3..94d12eb8dd 100644 --- a/rest_api/operator_apis/config-imageregistry-operator-openshift-io-v1.adoc +++ b/rest_api/operator_apis/config-imageregistry-operator-openshift-io-v1.adoc @@ -61,7 +61,6 @@ Type:: `object` Required:: - - `managementState` - `replicas` @@ -1627,6 +1626,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -1635,6 +1644,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.routes Description:: @@ -1995,7 +2043,7 @@ Type:: | `regionEndpoint` | `string` -| regionEndpoint is the endpoint for S3 compatible storage services. Optional, defaults based on the Region that is provided. +| regionEndpoint is the endpoint for S3 compatible storage services. It should be a valid URL with scheme, e.g. https://s3.example.com. Optional, defaults based on the Region that is provided. | `trustedCA` | `object` @@ -2239,6 +2287,10 @@ Required:: | `object` | LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +| `matchLabelKeys` +| `array (string)` +| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + | `maxSkew` | `integer` | MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. \| zone1 \| zone2 \| zone3 \| \| P P \| P P \| P \| - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. @@ -2247,15 +2299,25 @@ Required:: | `integer` | MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: \| zone1 \| zone2 \| zone3 \| \| P P \| P P \| P P \| The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + +| `nodeAffinityPolicy` +| `string` +| NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + +| `nodeTaintsPolicy` +| `string` +| NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `topologyKey` | `string` -| TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. +| TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. | `whenUnsatisfiable` | `string` -| WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: \| zone1 \| zone2 \| zone3 \| \| P P P \| P \| P \| If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. +| WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: \| zone1 \| zone2 \| zone3 \| \| P P P \| P \| P \| If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. |=== === .spec.topologySpreadConstraints[].labelSelector @@ -2811,7 +2873,7 @@ Type:: | `regionEndpoint` | `string` -| regionEndpoint is the endpoint for S3 compatible storage services. Optional, defaults based on the Region that is provided. +| regionEndpoint is the endpoint for S3 compatible storage services. It should be a valid URL with scheme, e.g. https://s3.example.com. Optional, defaults based on the Region that is provided. | `trustedCA` | `object` diff --git a/rest_api/operator_apis/console-operator-openshift-io-v1.adoc b/rest_api/operator_apis/console-operator-openshift-io-v1.adoc index 1404b5a081..4cde080fc3 100644 --- a/rest_api/operator_apis/console-operator-openshift-io-v1.adoc +++ b/rest_api/operator_apis/console-operator-openshift-io-v1.adoc @@ -152,7 +152,7 @@ Type:: | `perspectives[]` | `object` -| +| Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown | `projectAccess` | `object` @@ -390,7 +390,7 @@ Type:: Description:: + -- - +Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown -- Type:: @@ -410,10 +410,65 @@ Required:: | `string` | id defines the id of the perspective. Example: "dev", "admin". The available perspective ids can be found in the code snippet section next to the yaml editor. Incorrect or unknown ids will be ignored. +| `pinnedResources` +| `array` +| pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. The list of available Kubernetes resources could be read via `kubectl api-resources`. The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. Incorrect or unknown resources will be ignored. + +| `pinnedResources[]` +| `object` +| PinnedResourceReference includes the group, version and type of resource + | `visibility` | `object` | visibility defines the state of perspective along with access review checks if needed for that perspective. +|=== +=== .spec.customization.perspectives[].pinnedResources +Description:: ++ +-- +pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. The list of available Kubernetes resources could be read via `kubectl api-resources`. The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. Incorrect or unknown resources will be ignored. +-- + +Type:: + `array` + + + + +=== .spec.customization.perspectives[].pinnedResources[] +Description:: ++ +-- +PinnedResourceReference includes the group, version and type of resource +-- + +Type:: + `object` + +Required:: + - `group` + - `resource` + - `version` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `group` +| `string` +| group is the API Group of the Resource. Enter empty string for the core group. This value should consist of only lowercase alphanumeric characters, hyphens and periods. Example: "", "apps", "build.openshift.io", etc. + +| `resource` +| `string` +| resource is the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: "deployments", "deploymentconfigs", "pods", etc. + +| `version` +| `string` +| version is the API Version of the Resource. This value should consist of only lowercase alphanumeric characters. Example: "v1", "v1beta1", etc. + |=== === .spec.customization.perspectives[].visibility Description:: diff --git a/rest_api/operator_apis/imagepruner-imageregistry-operator-openshift-io-v1.adoc b/rest_api/operator_apis/imagepruner-imageregistry-operator-openshift-io-v1.adoc index 661078fe46..ee1ea8b100 100644 --- a/rest_api/operator_apis/imagepruner-imageregistry-operator-openshift-io-v1.adoc +++ b/rest_api/operator_apis/imagepruner-imageregistry-operator-openshift-io-v1.adoc @@ -1467,6 +1467,16 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | `integer-or-string` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -1475,6 +1485,45 @@ Type:: | `integer-or-string` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.tolerations Description:: diff --git a/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc b/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc index 088fb3a00b..3c1068e6d6 100644 --- a/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc +++ b/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc @@ -412,9 +412,14 @@ Required:: | gcp provides configuration settings that are specific to GCP load balancers. If empty, defaults will be applied. See specific gcp fields for details about their defaults. +| `ibm` +| `object` +| ibm provides configuration settings that are specific to IBM Cloud load balancers. + If empty, defaults will be applied. See specific ibm fields for details about their defaults. + | `type` | `string` -| type is the underlying infrastructure provider for the load balancer. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Nutanix", "OpenStack", and "VSphere". +| type is the underlying infrastructure provider for the load balancer. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and "VSphere". |=== === .spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws @@ -516,6 +521,31 @@ Type:: * "Local": Specifying an internal load balancer with Local client access means only clients within the same region (and VPC) as the GCP load balancer can communicate with the load balancer. Note that this is the default behavior. https://cloud.google.com/load-balancing/docs/internal#client_access +|=== +=== .spec.endpointPublishingStrategy.loadBalancer.providerParameters.ibm +Description:: ++ +-- +ibm provides configuration settings that are specific to IBM Cloud load balancers. + If empty, defaults will be applied. See specific ibm fields for details about their defaults. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `protocol` +| `string` +| protocol specifies whether the load balancer uses PROXY protocol to forward connections to the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. + Valid values for protocol are TCP, PROXY and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is TCP, without the proxy protocol enabled. + |=== === .spec.endpointPublishingStrategy.nodePort Description:: @@ -971,7 +1001,8 @@ Type:: kubernetes.io/os: linux node-role.kubernetes.io/worker: '' When defaultPlacement is ControlPlane, the default is: kubernetes.io/os: linux node-role.kubernetes.io/master: '' - These defaults are subject to change. + These defaults are subject to change. + Note that using nodeSelector.matchExpressions is not supported. Only nodeSelector.matchLabels may be used. This is a limitation of the Kubernetes API: the pod spec does not allow complex expressions for node selectors. | `tolerations` | `array` @@ -995,7 +1026,8 @@ nodeSelector is the node selector applied to ingress controller deployments. kubernetes.io/os: linux node-role.kubernetes.io/worker: '' When defaultPlacement is ControlPlane, the default is: kubernetes.io/os: linux node-role.kubernetes.io/master: '' - These defaults are subject to change. + These defaults are subject to change. + Note that using nodeSelector.matchExpressions is not supported. Only nodeSelector.matchLabels may be used. This is a limitation of the Kubernetes API: the pod spec does not allow complex expressions for node selectors. -- Type:: @@ -1661,9 +1693,14 @@ Required:: | gcp provides configuration settings that are specific to GCP load balancers. If empty, defaults will be applied. See specific gcp fields for details about their defaults. +| `ibm` +| `object` +| ibm provides configuration settings that are specific to IBM Cloud load balancers. + If empty, defaults will be applied. See specific ibm fields for details about their defaults. + | `type` | `string` -| type is the underlying infrastructure provider for the load balancer. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Nutanix", "OpenStack", and "VSphere". +| type is the underlying infrastructure provider for the load balancer. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and "VSphere". |=== === .status.endpointPublishingStrategy.loadBalancer.providerParameters.aws @@ -1765,6 +1802,31 @@ Type:: * "Local": Specifying an internal load balancer with Local client access means only clients within the same region (and VPC) as the GCP load balancer can communicate with the load balancer. Note that this is the default behavior. https://cloud.google.com/load-balancing/docs/internal#client_access +|=== +=== .status.endpointPublishingStrategy.loadBalancer.providerParameters.ibm +Description:: ++ +-- +ibm provides configuration settings that are specific to IBM Cloud load balancers. + If empty, defaults will be applied. See specific ibm fields for details about their defaults. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `protocol` +| `string` +| protocol specifies whether the load balancer uses PROXY protocol to forward connections to the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + PROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol. + Valid values for protocol are TCP, PROXY and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is TCP, without the proxy protocol enabled. + |=== === .status.endpointPublishingStrategy.nodePort Description:: diff --git a/rest_api/operator_apis/insightsoperator-operator-openshift-io-v1.adoc b/rest_api/operator_apis/insightsoperator-operator-openshift-io-v1.adoc index ad52907a85..19e876ebed 100644 --- a/rest_api/operator_apis/insightsoperator-operator-openshift-io-v1.adoc +++ b/rest_api/operator_apis/insightsoperator-operator-openshift-io-v1.adoc @@ -414,6 +414,10 @@ Type:: |=== | Property | Type | Description +| `downloadedAt` +| `string` +| downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled). + | `healthChecks` | `array` | healthChecks provides basic information about active Insights health checks in a cluster. diff --git a/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc b/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc index 139e52837e..b4c5b56c5d 100644 --- a/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc +++ b/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc @@ -144,7 +144,9 @@ Type:: | `securityContextConfig` | `string` -| SecurityContextConfig can be one of `legacy` or `restricted`. The CatalogSource's pod is either injected with the right pod.spec.securityContext and pod.spec.container[*].securityContext values to allow the pod to run in Pod Security Admission(PSA) controller's `restricted` mode, or doesn't set these values at all, in which case the pod can only be run in PSA `baseline` or `privileged` namespaces. By default, SecurityContextConfig is set to `restricted`. If the value is unspecified, the default value of `restricted` is used. Specifying any other value will result in a validation error. When using older catalog images, which could not be run in `restricted` mode, the SecurityContextConfig should be set to `legacy`. More information about PSA can be found here: https://kubernetes.io/docs/concepts/security/pod-security-admission/' +| SecurityContextConfig can be one of `legacy` or `restricted`. The CatalogSource's pod is either injected with the right pod.spec.securityContext and pod.spec.container[*].securityContext values to allow the pod to run in Pod Security Admission (PSA) `restricted` mode, or doesn't set these values at all, in which case the pod can only be run in PSA `baseline` or `privileged` namespaces. Currently if the SecurityContextConfig is unspecified, the default value of `legacy` is used. Specifying a value other than `legacy` or `restricted` result in a validation error. When using older catalog images, which could not be run in `restricted` mode, the SecurityContextConfig should be set to `legacy`. + In a future version will the default will be set to `restricted`, catalog maintainers should rebuild their catalogs with a version of opm that supports running catalogSource pods in `restricted` mode to prepare for these changes. + More information about PSA can be found here: https://kubernetes.io/docs/concepts/security/pod-security-admission/' | `tolerations` | `array` @@ -302,7 +304,8 @@ Type:: | `conditions[]` | `object` -| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } | `configMapReference` @@ -347,7 +350,8 @@ Type:: Description:: + -- -Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } -- diff --git a/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc b/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc index db848a02bd..6617249b8c 100644 --- a/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc +++ b/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc @@ -1676,7 +1676,7 @@ Required:: | `apiGroups` | `array (string)` -| APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. +| APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. | `nonResourceURLs` | `array (string)` @@ -2001,13 +2001,12 @@ Required:: | `ephemeralContainers` | `array` -| List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field is beta-level and available on clusters that haven't disabled the EphemeralContainers feature gate. +| List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. | `ephemeralContainers[]` | `object` | An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation. - To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted. - This is a beta feature available on clusters that haven't disabled the EphemeralContainers feature gate. + To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted. | `hostAliases` | `array` @@ -2029,6 +2028,10 @@ Required:: | `boolean` | Use the host's pid namespace. Optional: Default to false. +| `hostUsers` +| `boolean` +| Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. + | `hostname` | `string` | Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. @@ -2061,7 +2064,7 @@ Required:: | `object` | Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions - If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup This is a beta field and requires the IdentifyPodOS feature + If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup | `overhead` | `integer-or-string` @@ -3555,7 +3558,7 @@ Required:: | `ports` | `array` -| List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. +| List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. | `ports[]` | `object` @@ -4501,7 +4504,7 @@ Required:: Description:: + -- -List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. +List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. -- Type:: @@ -5384,7 +5387,7 @@ Type:: Description:: + -- -List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field is beta-level and available on clusters that haven't disabled the EphemeralContainers feature gate. +List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. -- Type:: @@ -5398,8 +5401,7 @@ Description:: + -- An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation. - To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted. - This is a beta feature available on clusters that haven't disabled the EphemeralContainers feature gate. + To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted. -- Type:: @@ -7369,7 +7371,7 @@ Required:: | `ports` | `array` -| List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. +| List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. | `ports[]` | `object` @@ -8315,7 +8317,7 @@ Required:: Description:: + -- -List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. +List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. -- Type:: @@ -9127,7 +9129,7 @@ Description:: -- Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions - If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup This is a beta field and requires the IdentifyPodOS feature + If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup -- Type:: @@ -9476,6 +9478,10 @@ Required:: | `object` | LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +| `matchLabelKeys` +| `array (string)` +| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + | `maxSkew` | `integer` | MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. \| zone1 \| zone2 \| zone3 \| \| P P \| P P \| P \| - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. @@ -9484,11 +9490,21 @@ Required:: | `integer` | MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: \| zone1 \| zone2 \| zone3 \| \| P P \| P P \| P P \| The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + +| `nodeAffinityPolicy` +| `string` +| NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + If this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + +| `nodeTaintsPolicy` +| `string` +| NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `topologyKey` | `string` -| TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. +| TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. | `whenUnsatisfiable` | `string` @@ -11900,7 +11916,7 @@ Required:: | `apiGroups` | `array (string)` -| APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. +| APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. | `nonResourceURLs` | `array (string)` diff --git a/rest_api/operatorhub_apis/olmconfig-operators-coreos-com-v1.adoc b/rest_api/operatorhub_apis/olmconfig-operators-coreos-com-v1.adoc index ace4f96fb7..a1cb5fec87 100644 --- a/rest_api/operatorhub_apis/olmconfig-operators-coreos-com-v1.adoc +++ b/rest_api/operatorhub_apis/olmconfig-operators-coreos-com-v1.adoc @@ -115,7 +115,8 @@ Type:: | `conditions[]` | `object` -| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } |=== @@ -136,7 +137,8 @@ Type:: Description:: + -- -Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } -- diff --git a/rest_api/operatorhub_apis/operatorcondition-operators-coreos-com-v2.adoc b/rest_api/operatorhub_apis/operatorcondition-operators-coreos-com-v2.adoc index 7448792842..8076985b06 100644 --- a/rest_api/operatorhub_apis/operatorcondition-operators-coreos-com-v2.adoc +++ b/rest_api/operatorhub_apis/operatorcondition-operators-coreos-com-v2.adoc @@ -71,7 +71,8 @@ Type:: | `conditions[]` | `object` -| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } | `deployments` @@ -84,7 +85,8 @@ Type:: | `overrides[]` | `object` -| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } | `serviceAccounts` @@ -109,7 +111,8 @@ Type:: Description:: + -- -Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } -- @@ -171,7 +174,8 @@ Type:: Description:: + -- -Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } -- @@ -238,7 +242,8 @@ Type:: | `conditions[]` | `object` -| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } |=== @@ -259,7 +264,8 @@ Type:: Description:: + -- -Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } -- diff --git a/rest_api/operatorhub_apis/operatorgroup-operators-coreos-com-v1.adoc b/rest_api/operatorhub_apis/operatorgroup-operators-coreos-com-v1.adoc index 9b4f532df3..fa7bd71023 100644 --- a/rest_api/operatorhub_apis/operatorgroup-operators-coreos-com-v1.adoc +++ b/rest_api/operatorhub_apis/operatorgroup-operators-coreos-com-v1.adoc @@ -190,7 +190,8 @@ Required:: | `conditions[]` | `object` -| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } | `lastUpdated` @@ -223,7 +224,8 @@ Type:: Description:: + -- -Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } -- diff --git a/rest_api/operatorhub_apis/packagemanifest-packages-operators-coreos-com-v1.adoc b/rest_api/operatorhub_apis/packagemanifest-packages-operators-coreos-com-v1.adoc index c804a15d76..bf4f474fb2 100644 --- a/rest_api/operatorhub_apis/packagemanifest-packages-operators-coreos-com-v1.adoc +++ b/rest_api/operatorhub_apis/packagemanifest-packages-operators-coreos-com-v1.adoc @@ -34,7 +34,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v3[`ObjectMeta_v3`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `spec` @@ -147,6 +147,7 @@ Type:: Required:: - `name` - `currentCSV` + - `entries` @@ -162,6 +163,14 @@ Required:: | `object` | CSVDescription defines a description of a CSV +| `entries` +| `array` +| Entries lists all CSVs in the channel, with their upgrade edges. + +| `entries[]` +| `object` +| ChannelEntry defines a member of a package channel. + | `name` | `string` | Name is the name of the channel, e.g. `alpha` or `stable` @@ -403,6 +412,47 @@ Type:: | `string` | +|=== +=== .status.channels[].entries +Description:: ++ +-- +Entries lists all CSVs in the channel, with their upgrade edges. +-- + +Type:: + `array` + + + + +=== .status.channels[].entries[] +Description:: ++ +-- +ChannelEntry defines a member of a package channel. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name is the name of the bundle for this entry. + +| `version` +| `string` +| Version is the version of the bundle for this entry. + |=== === .status.provider Description:: diff --git a/rest_api/policy_apis/poddisruptionbudget-policy-v1.adoc b/rest_api/policy_apis/poddisruptionbudget-policy-v1.adoc index 59e5528d32..294449281b 100644 --- a/rest_api/policy_apis/poddisruptionbudget-policy-v1.adoc +++ b/rest_api/policy_apis/poddisruptionbudget-policy-v1.adoc @@ -75,6 +75,20 @@ Type:: | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`] | Label query over pods whose evictions are managed by the disruption budget. A null selector will match no pods, while an empty ({}) selector will select all pods within the namespace. +| `unhealthyPodEvictionPolicy` +| `string` +| UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods should be considered for eviction. Current implementation considers healthy pods, as pods that have status.conditions item with type="Ready",status="True". + +Valid policies are IfHealthyBudget and AlwaysAllow. If no policy is specified, the default behavior will be used, which corresponds to the IfHealthyBudget policy. + +IfHealthyBudget policy means that running pods (status.phase="Running"), but not yet healthy can be evicted only if the guarded application is not disrupted (status.currentHealthy is at least equal to status.desiredHealthy). Healthy pods will be subject to the PDB for eviction. + +AlwaysAllow policy means that all running pods (status.phase="Running"), but not yet healthy are considered disrupted and can be evicted regardless of whether the criteria in a PDB is met. This means perspective running pods of a disrupted application might not get a chance to become healthy. Healthy pods will be subject to the PDB for eviction. + +Additional policies may be added in the future. Clients making eviction decisions should disallow eviction of unhealthy pods if they encounter an unrecognized policy in this field. + +This field is alpha-level. The eviction API uses this field when the feature gate PDBUnhealthyPodEvictionPolicy is enabled (disabled by default). + |=== === .status Description:: diff --git a/rest_api/project_apis/project-project-openshift-io-v1.adoc b/rest_api/project_apis/project-project-openshift-io-v1.adoc index 2a05087c04..2525893dc7 100644 --- a/rest_api/project_apis/project-project-openshift-io-v1.adoc +++ b/rest_api/project_apis/project-project-openshift-io-v1.adoc @@ -40,7 +40,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `spec` @@ -92,7 +92,7 @@ Type:: | Property | Type | Description | `conditions` -| xref:../objects/index.adoc#io.k8s.api.core.v1.NamespaceCondition_v2[`array (NamespaceCondition_v2)`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.NamespaceCondition[`array (NamespaceCondition)`] | Represents the latest available observations of the project current state. | `phase` @@ -211,6 +211,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -402,6 +405,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -445,6 +451,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/project_apis/projectrequest-project-openshift-io-v1.adoc b/rest_api/project_apis/projectrequest-project-openshift-io-v1.adoc index 1e24fa08d2..e3dc6e04d2 100644 --- a/rest_api/project_apis/projectrequest-project-openshift-io-v1.adoc +++ b/rest_api/project_apis/projectrequest-project-openshift-io-v1.adoc @@ -44,7 +44,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | |=== @@ -146,6 +146,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/provisioning_apis/hostfirmwaresettings-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/hostfirmwaresettings-metal3-io-v1alpha1.adoc index bc2da00604..eaf8cbb7f6 100644 --- a/rest_api/provisioning_apis/hostfirmwaresettings-metal3-io-v1alpha1.adoc +++ b/rest_api/provisioning_apis/hostfirmwaresettings-metal3-io-v1alpha1.adoc @@ -95,7 +95,8 @@ Required:: | `conditions[]` | `object` -| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } | `lastUpdated` @@ -128,7 +129,8 @@ Type:: Description:: + -- -Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } -- diff --git a/rest_api/provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc b/rest_api/provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..e92204de88 --- /dev/null +++ b/rest_api/provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,721 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_content-type: ASSEMBLY +[id="metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1"] += Metal3Remediation [infrastructure.cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +Metal3Remediation is the Schema for the metal3remediations API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| Metal3RemediationSpec defines the desired state of Metal3Remediation. + +| `status` +| `object` +| Metal3RemediationStatus defines the observed state of Metal3Remediation. + +|=== +=== .spec +Description:: ++ +-- +Metal3RemediationSpec defines the desired state of Metal3Remediation. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `strategy` +| `object` +| Strategy field defines remediation strategy. + +|=== +=== .spec.strategy +Description:: ++ +-- +Strategy field defines remediation strategy. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `retryLimit` +| `integer` +| Sets maximum number of remediation retries. + +| `timeout` +| `string` +| Sets the timeout between remediation retries. + +| `type` +| `string` +| Type of remediation. + +|=== +=== .status +Description:: ++ +-- +Metal3RemediationStatus defines the observed state of Metal3Remediation. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastRemediated` +| `string` +| LastRemediated identifies when the host was last remediated + +| `phase` +| `string` +| Phase represents the current phase of machine remediation. E.g. Pending, Running, Done etc. + +| `retryCount` +| `integer` +| RetryCount can be used as a counter during the remediation. Field can hold number of reboots etc. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/metal3remediations` +- `GET`: list objects of kind Metal3Remediation +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/metal3remediations` +- `DELETE`: delete collection of Metal3Remediation +- `GET`: list objects of kind Metal3Remediation +- `POST`: create a Metal3Remediation +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/metal3remediations/{name}` +- `DELETE`: delete a Metal3Remediation +- `GET`: read the specified Metal3Remediation +- `PATCH`: partially update the specified Metal3Remediation +- `PUT`: replace the specified Metal3Remediation +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/metal3remediations/{name}/status` +- `GET`: read status of the specified Metal3Remediation +- `PATCH`: partially update status of the specified Metal3Remediation +- `PUT`: replace status of the specified Metal3Remediation + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/metal3remediations + + +.Global query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `allowWatchBookmarks` +| `boolean` +| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. +| `continue` +| `string` +| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". + +This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. +| `fieldSelector` +| `string` +| A selector to restrict the list of returned objects by their fields. Defaults to everything. +| `labelSelector` +| `string` +| A selector to restrict the list of returned objects by their labels. Defaults to everything. +| `limit` +| `integer` +| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. + +The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. +| `pretty` +| `string` +| If 'true', then the output is pretty printed. +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `resourceVersionMatch` +| `string` +| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `timeoutSeconds` +| `integer` +| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. +| `watch` +| `boolean` +| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind Metal3Remediation + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.Metal3RemediationList[`Metal3RemediationList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/metal3remediations + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `namespace` +| `string` +| object name and auth scope, such as for teams and projects +|=== + +.Global query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `pretty` +| `string` +| If 'true', then the output is pretty printed. +|=== + +HTTP method:: + `DELETE` + +Description:: + delete collection of Metal3Remediation + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `allowWatchBookmarks` +| `boolean` +| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. +| `continue` +| `string` +| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". + +This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. +| `fieldSelector` +| `string` +| A selector to restrict the list of returned objects by their fields. Defaults to everything. +| `labelSelector` +| `string` +| A selector to restrict the list of returned objects by their labels. Defaults to everything. +| `limit` +| `integer` +| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. + +The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `resourceVersionMatch` +| `string` +| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `timeoutSeconds` +| `integer` +| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. +| `watch` +| `boolean` +| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind Metal3Remediation + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `allowWatchBookmarks` +| `boolean` +| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. +| `continue` +| `string` +| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". + +This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. +| `fieldSelector` +| `string` +| A selector to restrict the list of returned objects by their fields. Defaults to everything. +| `labelSelector` +| `string` +| A selector to restrict the list of returned objects by their labels. Defaults to everything. +| `limit` +| `integer` +| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. + +The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `resourceVersionMatch` +| `string` +| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `timeoutSeconds` +| `integer` +| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. +| `watch` +| `boolean` +| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.Metal3RemediationList[`Metal3RemediationList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a Metal3Remediation + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3Remediation`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3Remediation`] schema +| 201 - Created +| xref:../provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3Remediation`] schema +| 202 - Accepted +| xref:../provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3Remediation`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/metal3remediations/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the Metal3Remediation +| `namespace` +| `string` +| object name and auth scope, such as for teams and projects +|=== + +.Global query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `pretty` +| `string` +| If 'true', then the output is pretty printed. +|=== + +HTTP method:: + `DELETE` + +Description:: + delete a Metal3Remediation + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `gracePeriodSeconds` +| `integer` +| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. +| `orphanDependents` +| `boolean` +| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both. +| `propagationPolicy` +| `string` +| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified Metal3Remediation + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3Remediation`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified Metal3Remediation + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3Remediation`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified Metal3Remediation + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3Remediation`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3Remediation`] schema +| 201 - Created +| xref:../provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3Remediation`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/metal3remediations/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the Metal3Remediation +| `namespace` +| `string` +| object name and auth scope, such as for teams and projects +|=== + +.Global query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `pretty` +| `string` +| If 'true', then the output is pretty printed. +|=== + +HTTP method:: + `GET` + +Description:: + read status of the specified Metal3Remediation + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3Remediation`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified Metal3Remediation + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3Remediation`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified Metal3Remediation + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3Remediation`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3Remediation`] schema +| 201 - Created +| xref:../provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3Remediation`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc b/rest_api/provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..a4309793b5 --- /dev/null +++ b/rest_api/provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,793 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_content-type: ASSEMBLY +[id="metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1"] += Metal3RemediationTemplate [infrastructure.cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +Metal3RemediationTemplate is the Schema for the metal3remediationtemplates API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| Metal3RemediationTemplateSpec defines the desired state of Metal3RemediationTemplate. + +| `status` +| `object` +| Metal3RemediationTemplateStatus defines the observed state of Metal3RemediationTemplate. + +|=== +=== .spec +Description:: ++ +-- +Metal3RemediationTemplateSpec defines the desired state of Metal3RemediationTemplate. +-- + +Type:: + `object` + +Required:: + - `template` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `template` +| `object` +| Metal3RemediationTemplateResource describes the data needed to create a Metal3Remediation from a template. + +|=== +=== .spec.template +Description:: ++ +-- +Metal3RemediationTemplateResource describes the data needed to create a Metal3Remediation from a template. +-- + +Type:: + `object` + +Required:: + - `spec` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `spec` +| `object` +| Spec is the specification of the desired behavior of the Metal3Remediation. + +|=== +=== .spec.template.spec +Description:: ++ +-- +Spec is the specification of the desired behavior of the Metal3Remediation. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `strategy` +| `object` +| Strategy field defines remediation strategy. + +|=== +=== .spec.template.spec.strategy +Description:: ++ +-- +Strategy field defines remediation strategy. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `retryLimit` +| `integer` +| Sets maximum number of remediation retries. + +| `timeout` +| `string` +| Sets the timeout between remediation retries. + +| `type` +| `string` +| Type of remediation. + +|=== +=== .status +Description:: ++ +-- +Metal3RemediationTemplateStatus defines the observed state of Metal3RemediationTemplate. +-- + +Type:: + `object` + +Required:: + - `status` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `status` +| `object` +| Metal3RemediationStatus defines the observed state of Metal3Remediation + +|=== +=== .status.status +Description:: ++ +-- +Metal3RemediationStatus defines the observed state of Metal3Remediation +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastRemediated` +| `string` +| LastRemediated identifies when the host was last remediated + +| `phase` +| `string` +| Phase represents the current phase of machine remediation. E.g. Pending, Running, Done etc. + +| `retryCount` +| `integer` +| RetryCount can be used as a counter during the remediation. Field can hold number of reboots etc. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/metal3remediationtemplates` +- `GET`: list objects of kind Metal3RemediationTemplate +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/metal3remediationtemplates` +- `DELETE`: delete collection of Metal3RemediationTemplate +- `GET`: list objects of kind Metal3RemediationTemplate +- `POST`: create a Metal3RemediationTemplate +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/metal3remediationtemplates/{name}` +- `DELETE`: delete a Metal3RemediationTemplate +- `GET`: read the specified Metal3RemediationTemplate +- `PATCH`: partially update the specified Metal3RemediationTemplate +- `PUT`: replace the specified Metal3RemediationTemplate +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/metal3remediationtemplates/{name}/status` +- `GET`: read status of the specified Metal3RemediationTemplate +- `PATCH`: partially update status of the specified Metal3RemediationTemplate +- `PUT`: replace status of the specified Metal3RemediationTemplate + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/metal3remediationtemplates + + +.Global query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `allowWatchBookmarks` +| `boolean` +| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. +| `continue` +| `string` +| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". + +This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. +| `fieldSelector` +| `string` +| A selector to restrict the list of returned objects by their fields. Defaults to everything. +| `labelSelector` +| `string` +| A selector to restrict the list of returned objects by their labels. Defaults to everything. +| `limit` +| `integer` +| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. + +The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. +| `pretty` +| `string` +| If 'true', then the output is pretty printed. +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `resourceVersionMatch` +| `string` +| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `timeoutSeconds` +| `integer` +| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. +| `watch` +| `boolean` +| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind Metal3RemediationTemplate + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.Metal3RemediationTemplateList[`Metal3RemediationTemplateList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/metal3remediationtemplates + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `namespace` +| `string` +| object name and auth scope, such as for teams and projects +|=== + +.Global query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `pretty` +| `string` +| If 'true', then the output is pretty printed. +|=== + +HTTP method:: + `DELETE` + +Description:: + delete collection of Metal3RemediationTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `allowWatchBookmarks` +| `boolean` +| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. +| `continue` +| `string` +| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". + +This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. +| `fieldSelector` +| `string` +| A selector to restrict the list of returned objects by their fields. Defaults to everything. +| `labelSelector` +| `string` +| A selector to restrict the list of returned objects by their labels. Defaults to everything. +| `limit` +| `integer` +| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. + +The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `resourceVersionMatch` +| `string` +| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `timeoutSeconds` +| `integer` +| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. +| `watch` +| `boolean` +| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind Metal3RemediationTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `allowWatchBookmarks` +| `boolean` +| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. +| `continue` +| `string` +| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". + +This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. +| `fieldSelector` +| `string` +| A selector to restrict the list of returned objects by their fields. Defaults to everything. +| `labelSelector` +| `string` +| A selector to restrict the list of returned objects by their labels. Defaults to everything. +| `limit` +| `integer` +| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. + +The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `resourceVersionMatch` +| `string` +| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +| `timeoutSeconds` +| `integer` +| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. +| `watch` +| `boolean` +| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.Metal3RemediationTemplateList[`Metal3RemediationTemplateList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a Metal3RemediationTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3RemediationTemplate`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3RemediationTemplate`] schema +| 201 - Created +| xref:../provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3RemediationTemplate`] schema +| 202 - Accepted +| xref:../provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3RemediationTemplate`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/metal3remediationtemplates/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the Metal3RemediationTemplate +| `namespace` +| `string` +| object name and auth scope, such as for teams and projects +|=== + +.Global query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `pretty` +| `string` +| If 'true', then the output is pretty printed. +|=== + +HTTP method:: + `DELETE` + +Description:: + delete a Metal3RemediationTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `gracePeriodSeconds` +| `integer` +| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. +| `orphanDependents` +| `boolean` +| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both. +| `propagationPolicy` +| `string` +| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified Metal3RemediationTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3RemediationTemplate`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified Metal3RemediationTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3RemediationTemplate`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified Metal3RemediationTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3RemediationTemplate`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3RemediationTemplate`] schema +| 201 - Created +| xref:../provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3RemediationTemplate`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/metal3remediationtemplates/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the Metal3RemediationTemplate +| `namespace` +| `string` +| object name and auth scope, such as for teams and projects +|=== + +.Global query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `pretty` +| `string` +| If 'true', then the output is pretty printed. +|=== + +HTTP method:: + `GET` + +Description:: + read status of the specified Metal3RemediationTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `resourceVersion` +| `string` +| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. + +Defaults to unset +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3RemediationTemplate`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified Metal3RemediationTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3RemediationTemplate`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified Metal3RemediationTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldManager` +| `string` +| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3RemediationTemplate`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3RemediationTemplate`] schema +| 201 - Created +| xref:../provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1[`Metal3RemediationTemplate`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/provisioning_apis/preprovisioningimage-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/preprovisioningimage-metal3-io-v1alpha1.adoc index 4f15aee066..3c40c6d7de 100644 --- a/rest_api/provisioning_apis/preprovisioningimage-metal3-io-v1alpha1.adoc +++ b/rest_api/provisioning_apis/preprovisioningimage-metal3-io-v1alpha1.adoc @@ -103,7 +103,8 @@ Type:: | `conditions[]` | `object` -| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } | `extraKernelParams` @@ -144,7 +145,8 @@ Type:: Description:: + -- -Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // other fields } -- diff --git a/rest_api/provisioning_apis/provisioning-apis-index.adoc b/rest_api/provisioning_apis/provisioning-apis-index.adoc index d5dc2eedf4..3a24aba2e5 100644 --- a/rest_api/provisioning_apis/provisioning-apis-index.adoc +++ b/rest_api/provisioning_apis/provisioning-apis-index.adoc @@ -59,6 +59,28 @@ Description:: HostFirmwareSettings is the Schema for the hostfirmwaresettings API -- +Type:: + `object` + +== Metal3Remediation [infrastructure.cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +Metal3Remediation is the Schema for the metal3remediations API. +-- + +Type:: + `object` + +== Metal3RemediationTemplate [infrastructure.cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +Metal3RemediationTemplate is the Schema for the metal3remediationtemplates API. +-- + Type:: `object` diff --git a/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc index e837243d19..d1155f6daf 100644 --- a/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc +++ b/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc @@ -83,6 +83,10 @@ Type:: | `string` | ProvisioningDHCPRange needs to be interpreted along with ProvisioningDHCPExternal. If the value of provisioningDHCPExternal is set to False, then ProvisioningDHCPRange represents the range of IP addresses that the DHCP server running within the metal3 cluster can use while provisioning baremetal servers. If the value of ProvisioningDHCPExternal is set to True, then the value of ProvisioningDHCPRange will be ignored. When the value of ProvisioningDHCPExternal is set to False, indicating an internal DHCP server and the value of ProvisioningDHCPRange is not set, then the DHCP range is taken to be the default range which goes from .10 to .100 of the ProvisioningNetworkCIDR. This is the only value in all of the Provisioning configuration that can be changed after the installer has created the CR. This value needs to be two comma sererated IP addresses within the ProvisioningNetworkCIDR where the 1st address represents the start of the range and the 2nd address represents the last usable address in the range. +| `provisioningDNS` +| `boolean` +| ProvisioningDNS allows sending the DNS information via DHCP on the provisionig network. It is off by default since the Provisioning service itself (Ironic) does not require DNS, but it may be useful for layered products (e.g. ZTP). + | `provisioningIP` | `string` | ProvisioningIP is the IP address assigned to the provisioningInterface of the baremetal server. This IP address should be within the provisioning subnet, and outside of the DHCP range. diff --git a/rest_api/role_apis/clusterrole-authorization-openshift-io-v1.adoc b/rest_api/role_apis/clusterrole-authorization-openshift-io-v1.adoc index d5b4ec83ff..9b4df8bdd6 100644 --- a/rest_api/role_apis/clusterrole-authorization-openshift-io-v1.adoc +++ b/rest_api/role_apis/clusterrole-authorization-openshift-io-v1.adoc @@ -42,7 +42,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `rules` @@ -92,7 +92,7 @@ Required:: | APIGroups is the name of the APIGroup that contains the resources. If this field is empty, then both kubernetes and origin API groups are assumed. That means that if an action is requested against one of the enumerated resources in either the kubernetes or the origin API group, the request will be allowed | `attributeRestrictions` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`RawExtension_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] | AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error. | `nonResourceURLs` @@ -215,6 +215,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -341,6 +344,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -384,6 +390,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/role_apis/clusterrolebinding-authorization-openshift-io-v1.adoc b/rest_api/role_apis/clusterrolebinding-authorization-openshift-io-v1.adoc index 5dc0357255..bad8f22d78 100644 --- a/rest_api/role_apis/clusterrolebinding-authorization-openshift-io-v1.adoc +++ b/rest_api/role_apis/clusterrolebinding-authorization-openshift-io-v1.adoc @@ -43,7 +43,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `roleRef` @@ -162,6 +162,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -288,6 +291,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -331,6 +337,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/role_apis/role-authorization-openshift-io-v1.adoc b/rest_api/role_apis/role-authorization-openshift-io-v1.adoc index add17f241e..f3ad878092 100644 --- a/rest_api/role_apis/role-authorization-openshift-io-v1.adoc +++ b/rest_api/role_apis/role-authorization-openshift-io-v1.adoc @@ -38,7 +38,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `rules` @@ -88,7 +88,7 @@ Required:: | APIGroups is the name of the APIGroup that contains the resources. If this field is empty, then both kubernetes and origin API groups are assumed. That means that if an action is requested against one of the enumerated resources in either the kubernetes or the origin API group, the request will be allowed | `attributeRestrictions` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`RawExtension_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`] | AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error. | `nonResourceURLs` @@ -286,6 +286,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -415,6 +418,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -458,6 +464,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/role_apis/rolebinding-authorization-openshift-io-v1.adoc b/rest_api/role_apis/rolebinding-authorization-openshift-io-v1.adoc index c77319bda7..1046c47bf7 100644 --- a/rest_api/role_apis/rolebinding-authorization-openshift-io-v1.adoc +++ b/rest_api/role_apis/rolebinding-authorization-openshift-io-v1.adoc @@ -43,7 +43,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `roleRef` @@ -237,6 +237,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -366,6 +369,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -409,6 +415,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/schedule_and_quota_apis/appliedclusterresourcequota-quota-openshift-io-v1.adoc b/rest_api/schedule_and_quota_apis/appliedclusterresourcequota-quota-openshift-io-v1.adoc index 933c58c720..0f20e3045b 100644 --- a/rest_api/schedule_and_quota_apis/appliedclusterresourcequota-quota-openshift-io-v1.adoc +++ b/rest_api/schedule_and_quota_apis/appliedclusterresourcequota-quota-openshift-io-v1.adoc @@ -39,7 +39,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `spec` diff --git a/rest_api/schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc b/rest_api/schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc index c6645493d2..5208be38ce 100644 --- a/rest_api/schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc +++ b/rest_api/schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc @@ -8,1144 +8,9 @@ toc::[] -Description:: -+ --- -FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher". --- - -Type:: - `object` - - - -== Specification - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `apiVersion` -| `string` -| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - -| `kind` -| `string` -| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - -| `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] -| `metadata` is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - -| `spec` -| `object` -| FlowSchemaSpec describes how the FlowSchema's specification looks like. - -| `status` -| `object` -| FlowSchemaStatus represents the current state of a FlowSchema. - -|=== -=== .spec -Description:: -+ --- -FlowSchemaSpec describes how the FlowSchema's specification looks like. --- - -Type:: - `object` - -Required:: - - `priorityLevelConfiguration` - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `distinguisherMethod` -| `object` -| FlowDistinguisherMethod specifies the method of a flow distinguisher. - -| `matchingPrecedence` -| `integer` -| `matchingPrecedence` is used to choose among the FlowSchemas that match a given request. The chosen FlowSchema is among those with the numerically lowest (which we take to be logically highest) MatchingPrecedence. Each MatchingPrecedence value must be ranged in [1,10000]. Note that if the precedence is not specified, it will be set to 1000 as default. - -| `priorityLevelConfiguration` -| `object` -| PriorityLevelConfigurationReference contains information that points to the "request-priority" being used. - -| `rules` -| `array` -| `rules` describes which requests will match this flow schema. This FlowSchema matches a request if and only if at least one member of rules matches the request. if it is an empty slice, there will be no requests matching the FlowSchema. - -| `rules[]` -| `object` -| PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request. - -|=== -=== .spec.distinguisherMethod -Description:: -+ --- -FlowDistinguisherMethod specifies the method of a flow distinguisher. --- - -Type:: - `object` - -Required:: - - `type` - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `type` -| `string` -| `type` is the type of flow distinguisher method The supported types are "ByUser" and "ByNamespace". Required. - -|=== -=== .spec.priorityLevelConfiguration -Description:: -+ --- -PriorityLevelConfigurationReference contains information that points to the "request-priority" being used. --- - -Type:: - `object` - -Required:: - - `name` - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `name` -| `string` -| `name` is the name of the priority level configuration being referenced Required. - -|=== -=== .spec.rules -Description:: -+ --- -`rules` describes which requests will match this flow schema. This FlowSchema matches a request if and only if at least one member of rules matches the request. if it is an empty slice, there will be no requests matching the FlowSchema. --- - -Type:: - `array` - - - - -=== .spec.rules[] -Description:: -+ --- -PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request. --- - -Type:: - `object` - -Required:: - - `subjects` - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `nonResourceRules` -| `array` -| `nonResourceRules` is a list of NonResourcePolicyRules that identify matching requests according to their verb and the target non-resource URL. - -| `nonResourceRules[]` -| `object` -| NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member of verbs matches the request and (b) at least one member of nonResourceURLs matches the request. - -| `resourceRules` -| `array` -| `resourceRules` is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one of `resourceRules` and `nonResourceRules` has to be non-empty. - -| `resourceRules[]` -| `object` -| ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) either (d1) the request does not specify a namespace (i.e., `Namespace==""`) and clusterScope is true or (d2) the request specifies a namespace and least one member of namespaces matches the request's namespace. - -| `subjects` -| `array` -| subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required. - -| `subjects[]` -| `object` -| Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account. - -|=== -=== .spec.rules[].nonResourceRules -Description:: -+ --- -`nonResourceRules` is a list of NonResourcePolicyRules that identify matching requests according to their verb and the target non-resource URL. --- - -Type:: - `array` - - - - -=== .spec.rules[].nonResourceRules[] -Description:: -+ --- -NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member of verbs matches the request and (b) at least one member of nonResourceURLs matches the request. --- - -Type:: - `object` - -Required:: - - `verbs` - - `nonResourceURLs` - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `nonResourceURLs` -| `array (string)` -| `nonResourceURLs` is a set of url prefixes that a user should have access to and may not be empty. For example: - - "/healthz" is legal - - "/hea*" is illegal - - "/hea" is legal but matches nothing - - "/hea/*" also matches nothing - - "/healthz/*" matches all per-component health checks. -"*" matches all non-resource urls. if it is present, it must be the only entry. Required. - -| `verbs` -| `array (string)` -| `verbs` is a list of matching verbs and may not be empty. "*" matches all verbs. If it is present, it must be the only entry. Required. - -|=== -=== .spec.rules[].resourceRules -Description:: -+ --- -`resourceRules` is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one of `resourceRules` and `nonResourceRules` has to be non-empty. --- - -Type:: - `array` - - - - -=== .spec.rules[].resourceRules[] -Description:: -+ --- -ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) either (d1) the request does not specify a namespace (i.e., `Namespace==""`) and clusterScope is true or (d2) the request specifies a namespace and least one member of namespaces matches the request's namespace. --- - -Type:: - `object` - -Required:: - - `verbs` - - `apiGroups` - - `resources` - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `apiGroups` -| `array (string)` -| `apiGroups` is a list of matching API groups and may not be empty. "*" matches all API groups and, if present, must be the only entry. Required. - -| `clusterScope` -| `boolean` -| `clusterScope` indicates whether to match requests that do not specify a namespace (which happens either because the resource is not namespaced or the request targets all namespaces). If this field is omitted or false then the `namespaces` field must contain a non-empty list. - -| `namespaces` -| `array (string)` -| `namespaces` is a list of target namespaces that restricts matches. A request that specifies a target namespace matches only if either (a) this list contains that target namespace or (b) this list contains "*". Note that "*" matches any specified namespace but does not match a request that _does not specify_ a namespace (see the `clusterScope` field for that). This list may be empty, but only if `clusterScope` is true. - -| `resources` -| `array (string)` -| `resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource. For example, [ "services", "nodes/status" ]. This list may not be empty. "*" matches all resources and, if present, must be the only entry. Required. - -| `verbs` -| `array (string)` -| `verbs` is a list of matching verbs and may not be empty. "*" matches all verbs and, if present, must be the only entry. Required. - -|=== -=== .spec.rules[].subjects -Description:: -+ --- -subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required. --- - -Type:: - `array` - - - - -=== .spec.rules[].subjects[] -Description:: -+ --- -Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account. --- - -Type:: - `object` - -Required:: - - `kind` - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `group` -| `object` -| GroupSubject holds detailed information for group-kind subject. - -| `kind` -| `string` -| `kind` indicates which one of the other fields is non-empty. Required - -| `serviceAccount` -| `object` -| ServiceAccountSubject holds detailed information for service-account-kind subject. - -| `user` -| `object` -| UserSubject holds detailed information for user-kind subject. - -|=== -=== .spec.rules[].subjects[].group -Description:: -+ --- -GroupSubject holds detailed information for group-kind subject. --- - -Type:: - `object` - -Required:: - - `name` - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `name` -| `string` -| name is the user group that matches, or "*" to match all user groups. See https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go for some well-known group names. Required. - -|=== -=== .spec.rules[].subjects[].serviceAccount -Description:: -+ --- -ServiceAccountSubject holds detailed information for service-account-kind subject. --- - -Type:: - `object` - -Required:: - - `namespace` - - `name` - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `name` -| `string` -| `name` is the name of matching ServiceAccount objects, or "*" to match regardless of name. Required. - -| `namespace` -| `string` -| `namespace` is the namespace of matching ServiceAccount objects. Required. - -|=== -=== .spec.rules[].subjects[].user -Description:: -+ --- -UserSubject holds detailed information for user-kind subject. --- - -Type:: - `object` - -Required:: - - `name` - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `name` -| `string` -| `name` is the username that matches, or "*" to match all usernames. Required. - -|=== -=== .status -Description:: -+ --- -FlowSchemaStatus represents the current state of a FlowSchema. --- - -Type:: - `object` - - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `conditions` -| `array` -| `conditions` is a list of the current states of FlowSchema. - -| `conditions[]` -| `object` -| FlowSchemaCondition describes conditions for a FlowSchema. - -|=== -=== .status.conditions -Description:: -+ --- -`conditions` is a list of the current states of FlowSchema. --- - -Type:: - `array` - - - - -=== .status.conditions[] -Description:: -+ --- -FlowSchemaCondition describes conditions for a FlowSchema. --- - -Type:: - `object` - - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `lastTransitionTime` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`] -| `lastTransitionTime` is the last time the condition transitioned from one status to another. - -| `message` -| `string` -| `message` is a human-readable message indicating details about last transition. - -| `reason` -| `string` -| `reason` is a unique, one-word, CamelCase reason for the condition's last transition. - -| `status` -| `string` -| `status` is the status of the condition. Can be True, False, Unknown. Required. - -| `type` -| `string` -| `type` is the type of the condition. Required. - -|=== - == API endpoints The following API endpoints are available: -* `/apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas` -- `DELETE`: delete collection of FlowSchema -- `GET`: list or watch objects of kind FlowSchema -- `POST`: create a FlowSchema -* `/apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/flowschemas` -- `GET`: watch individual changes to a list of FlowSchema. deprecated: use the 'watch' parameter with a list operation instead. -* `/apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas/{name}` -- `DELETE`: delete a FlowSchema -- `GET`: read the specified FlowSchema -- `PATCH`: partially update the specified FlowSchema -- `PUT`: replace the specified FlowSchema -* `/apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/flowschemas/{name}` -- `GET`: watch changes to an object of kind FlowSchema. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter. -* `/apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas/{name}/status` -- `GET`: read status of the specified FlowSchema -- `PATCH`: partially update status of the specified FlowSchema -- `PUT`: replace status of the specified FlowSchema - - -=== /apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas - - -.Global query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `pretty` -| `string` -| If 'true', then the output is pretty printed. -|=== - -HTTP method:: - `DELETE` - -Description:: - delete collection of FlowSchema - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `continue` -| `string` -| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". - -This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. -| `dryRun` -| `string` -| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed -| `fieldSelector` -| `string` -| A selector to restrict the list of returned objects by their fields. Defaults to everything. -| `gracePeriodSeconds` -| `integer` -| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. -| `labelSelector` -| `string` -| A selector to restrict the list of returned objects by their labels. Defaults to everything. -| `limit` -| `integer` -| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. - -The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. -| `orphanDependents` -| `boolean` -| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both. -| `propagationPolicy` -| `string` -| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground. -| `resourceVersion` -| `string` -| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `resourceVersionMatch` -| `string` -| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `timeoutSeconds` -| `integer` -| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. -|=== - -.Body parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `body` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema -| -|=== - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema -| 401 - Unauthorized -| Empty -|=== - -HTTP method:: - `GET` - -Description:: - list or watch objects of kind FlowSchema - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `allowWatchBookmarks` -| `boolean` -| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. -| `continue` -| `string` -| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". - -This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. -| `fieldSelector` -| `string` -| A selector to restrict the list of returned objects by their fields. Defaults to everything. -| `labelSelector` -| `string` -| A selector to restrict the list of returned objects by their labels. Defaults to everything. -| `limit` -| `integer` -| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. - -The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. -| `resourceVersion` -| `string` -| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `resourceVersionMatch` -| `string` -| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `timeoutSeconds` -| `integer` -| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. -| `watch` -| `boolean` -| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. -|=== - - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../objects/index.adoc#io.k8s.api.flowcontrol.v1beta1.FlowSchemaList[`FlowSchemaList`] schema -| 401 - Unauthorized -| Empty -|=== - -HTTP method:: - `POST` - -Description:: - create a FlowSchema - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `dryRun` -| `string` -| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed -| `fieldManager` -| `string` -| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. -| `fieldValidation` -| `string` -| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. -|=== - -.Body parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `body` -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| -|=== - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| 201 - Created -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| 202 - Accepted -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| 401 - Unauthorized -| Empty -|=== - - -=== /apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/flowschemas - - -.Global query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `allowWatchBookmarks` -| `boolean` -| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. -| `continue` -| `string` -| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". - -This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. -| `fieldSelector` -| `string` -| A selector to restrict the list of returned objects by their fields. Defaults to everything. -| `labelSelector` -| `string` -| A selector to restrict the list of returned objects by their labels. Defaults to everything. -| `limit` -| `integer` -| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. - -The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. -| `pretty` -| `string` -| If 'true', then the output is pretty printed. -| `resourceVersion` -| `string` -| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `resourceVersionMatch` -| `string` -| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `timeoutSeconds` -| `integer` -| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. -| `watch` -| `boolean` -| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. -|=== - -HTTP method:: - `GET` - -Description:: - watch individual changes to a list of FlowSchema. deprecated: use the 'watch' parameter with a list operation instead. - - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema -| 401 - Unauthorized -| Empty -|=== - - -=== /apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas/{name} - -.Global path parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `name` -| `string` -| name of the FlowSchema -|=== - -.Global query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `pretty` -| `string` -| If 'true', then the output is pretty printed. -|=== - -HTTP method:: - `DELETE` - -Description:: - delete a FlowSchema - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `dryRun` -| `string` -| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed -| `gracePeriodSeconds` -| `integer` -| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. -| `orphanDependents` -| `boolean` -| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both. -| `propagationPolicy` -| `string` -| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground. -|=== - -.Body parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `body` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema -| -|=== - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema -| 202 - Accepted -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema -| 401 - Unauthorized -| Empty -|=== - -HTTP method:: - `GET` - -Description:: - read the specified FlowSchema - - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| 401 - Unauthorized -| Empty -|=== - -HTTP method:: - `PATCH` - -Description:: - partially update the specified FlowSchema - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `dryRun` -| `string` -| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed -| `fieldManager` -| `string` -| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). -| `fieldValidation` -| `string` -| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. -| `force` -| `boolean` -| Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. -|=== - -.Body parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `body` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema -| -|=== - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| 201 - Created -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| 401 - Unauthorized -| Empty -|=== - -HTTP method:: - `PUT` - -Description:: - replace the specified FlowSchema - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `dryRun` -| `string` -| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed -| `fieldManager` -| `string` -| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. -| `fieldValidation` -| `string` -| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. -|=== - -.Body parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `body` -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| -|=== - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| 201 - Created -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| 401 - Unauthorized -| Empty -|=== - - -=== /apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/flowschemas/{name} - -.Global path parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `name` -| `string` -| name of the FlowSchema -|=== - -.Global query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `allowWatchBookmarks` -| `boolean` -| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. -| `continue` -| `string` -| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". - -This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. -| `fieldSelector` -| `string` -| A selector to restrict the list of returned objects by their fields. Defaults to everything. -| `labelSelector` -| `string` -| A selector to restrict the list of returned objects by their labels. Defaults to everything. -| `limit` -| `integer` -| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. - -The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. -| `pretty` -| `string` -| If 'true', then the output is pretty printed. -| `resourceVersion` -| `string` -| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `resourceVersionMatch` -| `string` -| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `timeoutSeconds` -| `integer` -| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. -| `watch` -| `boolean` -| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. -|=== - -HTTP method:: - `GET` - -Description:: - watch changes to an object of kind FlowSchema. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter. - - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema -| 401 - Unauthorized -| Empty -|=== - - -=== /apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas/{name}/status - -.Global path parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `name` -| `string` -| name of the FlowSchema -|=== - -.Global query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `pretty` -| `string` -| If 'true', then the output is pretty printed. -|=== - -HTTP method:: - `GET` - -Description:: - read status of the specified FlowSchema - - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| 401 - Unauthorized -| Empty -|=== - -HTTP method:: - `PATCH` - -Description:: - partially update status of the specified FlowSchema - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `dryRun` -| `string` -| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed -| `fieldManager` -| `string` -| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). -| `fieldValidation` -| `string` -| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. -| `force` -| `boolean` -| Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. -|=== - -.Body parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `body` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema -| -|=== - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| 201 - Created -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| 401 - Unauthorized -| Empty -|=== - -HTTP method:: - `PUT` - -Description:: - replace status of the specified FlowSchema - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `dryRun` -| `string` -| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed -| `fieldManager` -| `string` -| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. -| `fieldValidation` -| `string` -| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. -|=== - -.Body parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `body` -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| -|=== - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| 201 - Created -| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta1[`FlowSchema`] schema -| 401 - Unauthorized -| Empty -|=== diff --git a/rest_api/schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc b/rest_api/schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc index 4ff9b22001..c64ab782bc 100644 --- a/rest_api/schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc +++ b/rest_api/schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc @@ -8,890 +8,9 @@ toc::[] -Description:: -+ --- -PriorityLevelConfiguration represents the configuration of a priority level. --- - -Type:: - `object` - - - -== Specification - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `apiVersion` -| `string` -| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - -| `kind` -| `string` -| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - -| `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] -| `metadata` is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - -| `spec` -| `object` -| PriorityLevelConfigurationSpec specifies the configuration of a priority level. - -| `status` -| `object` -| PriorityLevelConfigurationStatus represents the current state of a "request-priority". - -|=== -=== .spec -Description:: -+ --- -PriorityLevelConfigurationSpec specifies the configuration of a priority level. --- - -Type:: - `object` - -Required:: - - `type` - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `limited` -| `object` -| LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues: - - How are requests for this priority level limited? - - What should be done with requests that exceed the limit? - -| `type` -| `string` -| `type` indicates whether this priority level is subject to limitation on request execution. A value of `"Exempt"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels. A value of `"Limited"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required. - -|=== -=== .spec.limited -Description:: -+ --- -LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues: - - How are requests for this priority level limited? - - What should be done with requests that exceed the limit? --- - -Type:: - `object` - - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `assuredConcurrencyShares` -| `integer` -| `assuredConcurrencyShares` (ACS) configures the execution limit, which is a limit on the number of requests of this priority level that may be exeucting at a given time. ACS must be a positive number. The server's concurrency limit (SCL) is divided among the concurrency-controlled priority levels in proportion to their assured concurrency shares. This produces the assured concurrency value (ACV) --- the number of requests that may be executing at a time --- for each such priority level: - - ACV(l) = ceil( SCL * ACS(l) / ( sum[priority levels k] ACS(k) ) ) - -bigger numbers of ACS mean more reserved concurrent requests (at the expense of every other PL). This field has a default value of 30. - -| `limitResponse` -| `object` -| LimitResponse defines how to handle requests that can not be executed right now. - -|=== -=== .spec.limited.limitResponse -Description:: -+ --- -LimitResponse defines how to handle requests that can not be executed right now. --- - -Type:: - `object` - -Required:: - - `type` - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `queuing` -| `object` -| QueuingConfiguration holds the configuration parameters for queuing - -| `type` -| `string` -| `type` is "Queue" or "Reject". "Queue" means that requests that can not be executed upon arrival are held in a queue until they can be executed or a queuing limit is reached. "Reject" means that requests that can not be executed upon arrival are rejected. Required. - -|=== -=== .spec.limited.limitResponse.queuing -Description:: -+ --- -QueuingConfiguration holds the configuration parameters for queuing --- - -Type:: - `object` - - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `handSize` -| `integer` -| `handSize` is a small positive number that configures the shuffle sharding of requests into queues. When enqueuing a request at this priority level the request's flow identifier (a string pair) is hashed and the hash value is used to shuffle the list of queues and deal a hand of the size specified here. The request is put into one of the shortest queues in that hand. `handSize` must be no larger than `queues`, and should be significantly smaller (so that a few heavy flows do not saturate most of the queues). See the user-facing documentation for more extensive guidance on setting this field. This field has a default value of 8. - -| `queueLengthLimit` -| `integer` -| `queueLengthLimit` is the maximum number of requests allowed to be waiting in a given queue of this priority level at a time; excess requests are rejected. This value must be positive. If not specified, it will be defaulted to 50. - -| `queues` -| `integer` -| `queues` is the number of queues for this priority level. The queues exist independently at each apiserver. The value must be positive. Setting it to 1 effectively precludes shufflesharding and thus makes the distinguisher method of associated flow schemas irrelevant. This field has a default value of 64. - -|=== -=== .status -Description:: -+ --- -PriorityLevelConfigurationStatus represents the current state of a "request-priority". --- - -Type:: - `object` - - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `conditions` -| `array` -| `conditions` is the current state of "request-priority". - -| `conditions[]` -| `object` -| PriorityLevelConfigurationCondition defines the condition of priority level. - -|=== -=== .status.conditions -Description:: -+ --- -`conditions` is the current state of "request-priority". --- - -Type:: - `array` - - - - -=== .status.conditions[] -Description:: -+ --- -PriorityLevelConfigurationCondition defines the condition of priority level. --- - -Type:: - `object` - - - - -[cols="1,1,1",options="header"] -|=== -| Property | Type | Description - -| `lastTransitionTime` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`] -| `lastTransitionTime` is the last time the condition transitioned from one status to another. - -| `message` -| `string` -| `message` is a human-readable message indicating details about last transition. - -| `reason` -| `string` -| `reason` is a unique, one-word, CamelCase reason for the condition's last transition. - -| `status` -| `string` -| `status` is the status of the condition. Can be True, False, Unknown. Required. - -| `type` -| `string` -| `type` is the type of the condition. Required. - -|=== - == API endpoints The following API endpoints are available: -* `/apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations` -- `DELETE`: delete collection of PriorityLevelConfiguration -- `GET`: list or watch objects of kind PriorityLevelConfiguration -- `POST`: create a PriorityLevelConfiguration -* `/apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/prioritylevelconfigurations` -- `GET`: watch individual changes to a list of PriorityLevelConfiguration. deprecated: use the 'watch' parameter with a list operation instead. -* `/apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations/{name}` -- `DELETE`: delete a PriorityLevelConfiguration -- `GET`: read the specified PriorityLevelConfiguration -- `PATCH`: partially update the specified PriorityLevelConfiguration -- `PUT`: replace the specified PriorityLevelConfiguration -* `/apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/prioritylevelconfigurations/{name}` -- `GET`: watch changes to an object of kind PriorityLevelConfiguration. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter. -* `/apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations/{name}/status` -- `GET`: read status of the specified PriorityLevelConfiguration -- `PATCH`: partially update status of the specified PriorityLevelConfiguration -- `PUT`: replace status of the specified PriorityLevelConfiguration - - -=== /apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations - - -.Global query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `pretty` -| `string` -| If 'true', then the output is pretty printed. -|=== - -HTTP method:: - `DELETE` - -Description:: - delete collection of PriorityLevelConfiguration - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `continue` -| `string` -| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". - -This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. -| `dryRun` -| `string` -| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed -| `fieldSelector` -| `string` -| A selector to restrict the list of returned objects by their fields. Defaults to everything. -| `gracePeriodSeconds` -| `integer` -| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. -| `labelSelector` -| `string` -| A selector to restrict the list of returned objects by their labels. Defaults to everything. -| `limit` -| `integer` -| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. - -The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. -| `orphanDependents` -| `boolean` -| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both. -| `propagationPolicy` -| `string` -| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground. -| `resourceVersion` -| `string` -| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `resourceVersionMatch` -| `string` -| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `timeoutSeconds` -| `integer` -| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. -|=== - -.Body parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `body` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema -| -|=== - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema -| 401 - Unauthorized -| Empty -|=== - -HTTP method:: - `GET` - -Description:: - list or watch objects of kind PriorityLevelConfiguration - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `allowWatchBookmarks` -| `boolean` -| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. -| `continue` -| `string` -| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". - -This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. -| `fieldSelector` -| `string` -| A selector to restrict the list of returned objects by their fields. Defaults to everything. -| `labelSelector` -| `string` -| A selector to restrict the list of returned objects by their labels. Defaults to everything. -| `limit` -| `integer` -| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. - -The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. -| `resourceVersion` -| `string` -| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `resourceVersionMatch` -| `string` -| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `timeoutSeconds` -| `integer` -| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. -| `watch` -| `boolean` -| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. -|=== - - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../objects/index.adoc#io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfigurationList[`PriorityLevelConfigurationList`] schema -| 401 - Unauthorized -| Empty -|=== - -HTTP method:: - `POST` - -Description:: - create a PriorityLevelConfiguration - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `dryRun` -| `string` -| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed -| `fieldManager` -| `string` -| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. -| `fieldValidation` -| `string` -| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. -|=== - -.Body parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `body` -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| -|=== - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| 201 - Created -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| 202 - Accepted -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| 401 - Unauthorized -| Empty -|=== - - -=== /apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/prioritylevelconfigurations - - -.Global query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `allowWatchBookmarks` -| `boolean` -| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. -| `continue` -| `string` -| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". - -This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. -| `fieldSelector` -| `string` -| A selector to restrict the list of returned objects by their fields. Defaults to everything. -| `labelSelector` -| `string` -| A selector to restrict the list of returned objects by their labels. Defaults to everything. -| `limit` -| `integer` -| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. - -The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. -| `pretty` -| `string` -| If 'true', then the output is pretty printed. -| `resourceVersion` -| `string` -| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `resourceVersionMatch` -| `string` -| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `timeoutSeconds` -| `integer` -| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. -| `watch` -| `boolean` -| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. -|=== - -HTTP method:: - `GET` - -Description:: - watch individual changes to a list of PriorityLevelConfiguration. deprecated: use the 'watch' parameter with a list operation instead. - - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema -| 401 - Unauthorized -| Empty -|=== - - -=== /apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations/{name} - -.Global path parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `name` -| `string` -| name of the PriorityLevelConfiguration -|=== - -.Global query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `pretty` -| `string` -| If 'true', then the output is pretty printed. -|=== - -HTTP method:: - `DELETE` - -Description:: - delete a PriorityLevelConfiguration - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `dryRun` -| `string` -| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed -| `gracePeriodSeconds` -| `integer` -| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. -| `orphanDependents` -| `boolean` -| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both. -| `propagationPolicy` -| `string` -| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground. -|=== - -.Body parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `body` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema -| -|=== - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema -| 202 - Accepted -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema -| 401 - Unauthorized -| Empty -|=== - -HTTP method:: - `GET` - -Description:: - read the specified PriorityLevelConfiguration - - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| 401 - Unauthorized -| Empty -|=== - -HTTP method:: - `PATCH` - -Description:: - partially update the specified PriorityLevelConfiguration - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `dryRun` -| `string` -| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed -| `fieldManager` -| `string` -| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). -| `fieldValidation` -| `string` -| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. -| `force` -| `boolean` -| Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. -|=== - -.Body parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `body` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema -| -|=== - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| 201 - Created -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| 401 - Unauthorized -| Empty -|=== - -HTTP method:: - `PUT` - -Description:: - replace the specified PriorityLevelConfiguration - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `dryRun` -| `string` -| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed -| `fieldManager` -| `string` -| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. -| `fieldValidation` -| `string` -| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. -|=== - -.Body parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `body` -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| -|=== - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| 201 - Created -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| 401 - Unauthorized -| Empty -|=== - - -=== /apis/flowcontrol.apiserver.k8s.io/v1beta1/watch/prioritylevelconfigurations/{name} - -.Global path parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `name` -| `string` -| name of the PriorityLevelConfiguration -|=== - -.Global query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `allowWatchBookmarks` -| `boolean` -| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. -| `continue` -| `string` -| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". - -This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. -| `fieldSelector` -| `string` -| A selector to restrict the list of returned objects by their fields. Defaults to everything. -| `labelSelector` -| `string` -| A selector to restrict the list of returned objects by their labels. Defaults to everything. -| `limit` -| `integer` -| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. - -The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. -| `pretty` -| `string` -| If 'true', then the output is pretty printed. -| `resourceVersion` -| `string` -| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `resourceVersionMatch` -| `string` -| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. - -Defaults to unset -| `timeoutSeconds` -| `integer` -| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. -| `watch` -| `boolean` -| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. -|=== - -HTTP method:: - `GET` - -Description:: - watch changes to an object of kind PriorityLevelConfiguration. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter. - - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema -| 401 - Unauthorized -| Empty -|=== - - -=== /apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations/{name}/status - -.Global path parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `name` -| `string` -| name of the PriorityLevelConfiguration -|=== - -.Global query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `pretty` -| `string` -| If 'true', then the output is pretty printed. -|=== - -HTTP method:: - `GET` - -Description:: - read status of the specified PriorityLevelConfiguration - - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| 401 - Unauthorized -| Empty -|=== - -HTTP method:: - `PATCH` - -Description:: - partially update status of the specified PriorityLevelConfiguration - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `dryRun` -| `string` -| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed -| `fieldManager` -| `string` -| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). -| `fieldValidation` -| `string` -| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. -| `force` -| `boolean` -| Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. -|=== - -.Body parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `body` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema -| -|=== - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| 201 - Created -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| 401 - Unauthorized -| Empty -|=== - -HTTP method:: - `PUT` - -Description:: - replace status of the specified PriorityLevelConfiguration - - -.Query parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `dryRun` -| `string` -| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed -| `fieldManager` -| `string` -| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. -| `fieldValidation` -| `string` -| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. -|=== - -.Body parameters -[cols="1,1,2",options="header"] -|=== -| Parameter | Type | Description -| `body` -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| -|=== - -.HTTP responses -[cols="1,1",options="header"] -|=== -| HTTP code | Reponse body -| 200 - OK -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| 201 - Created -| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1[`PriorityLevelConfiguration`] schema -| 401 - Unauthorized -| Empty -|=== diff --git a/rest_api/schedule_and_quota_apis/schedule-and-quota-apis-index.adoc b/rest_api/schedule_and_quota_apis/schedule-and-quota-apis-index.adoc index 6714d1afde..7533c8ee9d 100644 --- a/rest_api/schedule_and_quota_apis/schedule-and-quota-apis-index.adoc +++ b/rest_api/schedule_and_quota_apis/schedule-and-quota-apis-index.adoc @@ -37,11 +37,11 @@ Type:: Description:: + -- -FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher". + -- Type:: - `object` + `` == LimitRange [v1] @@ -70,11 +70,11 @@ Type:: Description:: + -- -PriorityLevelConfiguration represents the configuration of a priority level. + -- Type:: - `object` + `` == ResourceQuota [v1] diff --git a/rest_api/security_apis/podsecuritypolicyreview-security-openshift-io-v1.adoc b/rest_api/security_apis/podsecuritypolicyreview-security-openshift-io-v1.adoc index 316d6e6635..e23a462e4f 100644 --- a/rest_api/security_apis/podsecuritypolicyreview-security-openshift-io-v1.adoc +++ b/rest_api/security_apis/podsecuritypolicyreview-security-openshift-io-v1.adoc @@ -181,6 +181,9 @@ The following API endpoints are available: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/security_apis/podsecuritypolicyselfsubjectreview-security-openshift-io-v1.adoc b/rest_api/security_apis/podsecuritypolicyselfsubjectreview-security-openshift-io-v1.adoc index 2545d3e11d..8917ae0cf5 100644 --- a/rest_api/security_apis/podsecuritypolicyselfsubjectreview-security-openshift-io-v1.adoc +++ b/rest_api/security_apis/podsecuritypolicyselfsubjectreview-security-openshift-io-v1.adoc @@ -130,6 +130,9 @@ The following API endpoints are available: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/security_apis/podsecuritypolicysubjectreview-security-openshift-io-v1.adoc b/rest_api/security_apis/podsecuritypolicysubjectreview-security-openshift-io-v1.adoc index 99966d905e..83ccc16330 100644 --- a/rest_api/security_apis/podsecuritypolicysubjectreview-security-openshift-io-v1.adoc +++ b/rest_api/security_apis/podsecuritypolicysubjectreview-security-openshift-io-v1.adoc @@ -138,6 +138,9 @@ The following API endpoints are available: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/security_apis/rangeallocation-security-openshift-io-v1.adoc b/rest_api/security_apis/rangeallocation-security-openshift-io-v1.adoc index f65c2c339a..10ce421a35 100644 --- a/rest_api/security_apis/rangeallocation-security-openshift-io-v1.adoc +++ b/rest_api/security_apis/rangeallocation-security-openshift-io-v1.adoc @@ -43,7 +43,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `range` @@ -232,6 +232,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -423,6 +426,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -466,6 +472,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/workloads_apis/persistentvolume-v1.adoc b/rest_api/storage_apis/persistentvolume-v1.adoc similarity index 97% rename from rest_api/workloads_apis/persistentvolume-v1.adoc rename to rest_api/storage_apis/persistentvolume-v1.adoc index b60f70c95c..62cef3b2a1 100644 --- a/rest_api/workloads_apis/persistentvolume-v1.adoc +++ b/rest_api/storage_apis/persistentvolume-v1.adoc @@ -1897,7 +1897,7 @@ Description:: |=== | Parameter | Type | Description | `body` -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | |=== @@ -1906,11 +1906,11 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | 201 - Created -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | 202 - Accepted -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | 401 - Unauthorized | Empty |=== @@ -2040,9 +2040,9 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | 202 - Accepted -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | 401 - Unauthorized | Empty |=== @@ -2059,7 +2059,7 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | 401 - Unauthorized | Empty |=== @@ -2103,9 +2103,9 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | 201 - Created -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | 401 - Unauthorized | Empty |=== @@ -2137,7 +2137,7 @@ Description:: |=== | Parameter | Type | Description | `body` -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | |=== @@ -2146,9 +2146,9 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | 201 - Created -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | 401 - Unauthorized | Empty |=== @@ -2259,7 +2259,7 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | 401 - Unauthorized | Empty |=== @@ -2303,9 +2303,9 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | 201 - Created -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | 401 - Unauthorized | Empty |=== @@ -2337,7 +2337,7 @@ Description:: |=== | Parameter | Type | Description | `body` -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | |=== @@ -2346,9 +2346,9 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | 201 - Created -| xref:../workloads_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema +| xref:../storage_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema | 401 - Unauthorized | Empty |=== diff --git a/rest_api/storage_apis/persistentvolumeclaim-v1.adoc b/rest_api/storage_apis/persistentvolumeclaim-v1.adoc index dd9ad407e5..0071dde2a5 100644 --- a/rest_api/storage_apis/persistentvolumeclaim-v1.adoc +++ b/rest_api/storage_apis/persistentvolumeclaim-v1.adoc @@ -73,7 +73,14 @@ Type:: | `dataSourceRef` | `object` -| TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` @@ -133,7 +140,14 @@ Required:: Description:: + -- -TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -161,6 +175,10 @@ Required:: | `string` | Name is the name of resource being referenced +| `namespace` +| `string` +| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + |=== === .spec.resources Description:: @@ -179,6 +197,18 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -187,6 +217,47 @@ Type:: | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .status Description:: diff --git a/rest_api/storage_apis/storage-apis-index.adoc b/rest_api/storage_apis/storage-apis-index.adoc index 34a278b7cb..484fed4279 100644 --- a/rest_api/storage_apis/storage-apis-index.adoc +++ b/rest_api/storage_apis/storage-apis-index.adoc @@ -45,6 +45,17 @@ The producer of these objects can decide which approach is more suitable. They are consumed by the kube-scheduler when a CSI driver opts into capacity-aware scheduling with CSIDriverSpec.StorageCapacity. The scheduler compares the MaximumVolumeSize against the requested size of pending volumes to filter out unsuitable nodes. If MaximumVolumeSize is unset, it falls back to a comparison against the less precise Capacity. If that is also unset, the scheduler assumes that capacity is insufficient and tries some other node. -- +Type:: + `object` + +== PersistentVolume [v1] + +Description:: ++ +-- +PersistentVolume (PV) is a storage resource provisioned by an administrator. It is analogous to a node. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes +-- + Type:: `object` diff --git a/rest_api/template_apis/brokertemplateinstance-template-openshift-io-v1.adoc b/rest_api/template_apis/brokertemplateinstance-template-openshift-io-v1.adoc index 9c17fdda14..b9913c2851 100644 --- a/rest_api/template_apis/brokertemplateinstance-template-openshift-io-v1.adoc +++ b/rest_api/template_apis/brokertemplateinstance-template-openshift-io-v1.adoc @@ -38,7 +38,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `spec` @@ -260,6 +260,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -451,6 +454,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -494,6 +500,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/template_apis/podtemplate-v1.adoc b/rest_api/template_apis/podtemplate-v1.adoc index c4d1d417ff..45cebb6851 100644 --- a/rest_api/template_apis/podtemplate-v1.adoc +++ b/rest_api/template_apis/podtemplate-v1.adoc @@ -215,6 +215,18 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi | `object` | PodReadinessGate contains the reference to a pod condition +| `resourceClaims` +| `array` +| ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `resourceClaims[]` +| `object` +| PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name. + | `restartPolicy` | `string` | Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy @@ -232,6 +244,16 @@ Possible enum values: | `string` | If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. +| `schedulingGates` +| `array` +| SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. + +This is an alpha-level feature enabled by PodSchedulingReadiness feature gate. + +| `schedulingGates[]` +| `object` +| PodSchedulingGate is associated to a Pod to guard its scheduling. + | `securityContext` | `object` | PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext. @@ -2387,6 +2409,18 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -2395,6 +2429,47 @@ Type:: | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .template.spec.containers[].resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .template.spec.containers[].resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .template.spec.containers[].securityContext Description:: @@ -4349,6 +4424,18 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -4357,6 +4444,47 @@ Type:: | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .template.spec.ephemeralContainers[].resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .template.spec.ephemeralContainers[].resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .template.spec.ephemeralContainers[].securityContext Description:: @@ -6304,6 +6432,18 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -6312,6 +6452,47 @@ Type:: | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .template.spec.initContainers[].resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .template.spec.initContainers[].resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .template.spec.initContainers[].securityContext Description:: @@ -6892,6 +7073,126 @@ Required:: | `string` | ConditionType refers to a condition in the pod's condition list with matching type. +|=== +=== .template.spec.resourceClaims +Description:: ++ +-- +ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .template.spec.resourceClaims[] +Description:: ++ +-- +PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL. + +| `source` +| `object` +| ClaimSource describes a reference to a ResourceClaim. + +Exactly one of these fields should be set. Consumers of this type must treat an empty object as if it has an unknown value. + +|=== +=== .template.spec.resourceClaims[].source +Description:: ++ +-- +ClaimSource describes a reference to a ResourceClaim. + +Exactly one of these fields should be set. Consumers of this type must treat an empty object as if it has an unknown value. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `resourceClaimName` +| `string` +| ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod. + +| `resourceClaimTemplateName` +| `string` +| ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. + +The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be -, where is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). + +An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. + +This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim. + +|=== +=== .template.spec.schedulingGates +Description:: ++ +-- +SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. + +This is an alpha-level feature enabled by PodSchedulingReadiness feature gate. +-- + +Type:: + `array` + + + + +=== .template.spec.schedulingGates[] +Description:: ++ +-- +PodSchedulingGate is associated to a Pod to guard its scheduling. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name of the scheduling gate. Each scheduling gate must have a unique name field. + |=== === .template.spec.securityContext Description:: @@ -6944,7 +7245,7 @@ If unset, the Kubelet will not modify the ownership and permissions of any volum | `supplementalGroups` | `array (integer)` -| A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows. +| A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. | `sysctls` | `array` @@ -7222,13 +7523,13 @@ This is a beta field and requires the MinDomainsInPodTopologySpread feature gate | `string` | NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. -If this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. +If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `nodeTaintsPolicy` | `string` | NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. -If this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. +If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `topologyKey` | `string` @@ -8039,7 +8340,14 @@ Type:: | `dataSourceRef` | `object` -| TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` @@ -8099,7 +8407,14 @@ Required:: Description:: + -- -TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -8127,6 +8442,10 @@ Required:: | `string` | Name is the name of resource being referenced +| `namespace` +| `string` +| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + |=== === .template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources Description:: @@ -8145,6 +8464,18 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -8153,6 +8484,47 @@ Type:: | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .template.spec.volumes[].fc Description:: diff --git a/rest_api/template_apis/template-template-openshift-io-v1.adoc b/rest_api/template_apis/template-template-openshift-io-v1.adoc index d310902591..c3fbcda929 100644 --- a/rest_api/template_apis/template-template-openshift-io-v1.adoc +++ b/rest_api/template_apis/template-template-openshift-io-v1.adoc @@ -46,11 +46,11 @@ Required:: | message is an optional instructional message that will be displayed when this template is instantiated. This field should inform the user how to utilize the newly created resources. Parameter substitution will be performed on the message before being displayed so that generated credentials and other parameters can be included in the output. | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `objects` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`array (RawExtension_v2)`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`array (RawExtension)`] | objects is an array of resources to include in this template. If a namespace value is hardcoded in the object, it will be removed during template instantiation, however if the namespace value is, or contains, a ${PARAMETER_REFERENCE}, the resolved value after parameter substitution will be respected and the object will be created in that namespace. | `parameters` @@ -454,6 +454,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -656,6 +659,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -699,6 +705,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -744,6 +753,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc b/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc index 62bd341792..9dfc549149 100644 --- a/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc +++ b/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc @@ -38,7 +38,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `spec` @@ -173,11 +173,11 @@ Required:: | message is an optional instructional message that will be displayed when this template is instantiated. This field should inform the user how to utilize the newly created resources. Parameter substitution will be performed on the message before being displayed so that generated credentials and other parameters can be included in the output. | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `objects` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension_v2[`array (RawExtension_v2)`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`array (RawExtension)`] | objects is an array of resources to include in this template. If a namespace value is hardcoded in the object, it will be removed during template instantiation, however if the namespace value is, or contains, a ${PARAMETER_REFERENCE}, the resolved value after parameter substitution will be respected and the object will be created in that namespace. | `parameters` @@ -709,6 +709,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -911,6 +914,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -954,6 +960,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -1111,6 +1120,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -1154,6 +1166,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/user_and_group_apis/group-user-openshift-io-v1.adoc b/rest_api/user_and_group_apis/group-user-openshift-io-v1.adoc index b3b4bc8876..d8978339f7 100644 --- a/rest_api/user_and_group_apis/group-user-openshift-io-v1.adoc +++ b/rest_api/user_and_group_apis/group-user-openshift-io-v1.adoc @@ -38,7 +38,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v3[`ObjectMeta_v3`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | | `users` diff --git a/rest_api/user_and_group_apis/identity-user-openshift-io-v1.adoc b/rest_api/user_and_group_apis/identity-user-openshift-io-v1.adoc index 4b0e24d762..d45fb09334 100644 --- a/rest_api/user_and_group_apis/identity-user-openshift-io-v1.adoc +++ b/rest_api/user_and_group_apis/identity-user-openshift-io-v1.adoc @@ -44,7 +44,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v3[`ObjectMeta_v3`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | | `providerName` diff --git a/rest_api/user_and_group_apis/user-user-openshift-io-v1.adoc b/rest_api/user_and_group_apis/user-user-openshift-io-v1.adoc index d1252dd797..0cebe0b5d2 100644 --- a/rest_api/user_and_group_apis/user-user-openshift-io-v1.adoc +++ b/rest_api/user_and_group_apis/user-user-openshift-io-v1.adoc @@ -50,7 +50,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v3[`ObjectMeta_v3`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | |=== diff --git a/rest_api/user_and_group_apis/useridentitymapping-user-openshift-io-v1.adoc b/rest_api/user_and_group_apis/useridentitymapping-user-openshift-io-v1.adoc index c52d58f7b6..52298feb84 100644 --- a/rest_api/user_and_group_apis/useridentitymapping-user-openshift-io-v1.adoc +++ b/rest_api/user_and_group_apis/useridentitymapping-user-openshift-io-v1.adoc @@ -40,7 +40,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v3[`ObjectMeta_v3`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | | `user` diff --git a/rest_api/workloads_apis/build-build-openshift-io-v1.adoc b/rest_api/workloads_apis/build-build-openshift-io-v1.adoc index 3ed509c543..5478da985f 100644 --- a/rest_api/workloads_apis/build-build-openshift-io-v1.adoc +++ b/rest_api/workloads_apis/build-build-openshift-io-v1.adoc @@ -36,7 +36,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `spec` @@ -95,58 +95,58 @@ There are five different ways to configure the hook. As an example, all forms be 1. Shell script: - "postCommit": { - "script": "rake test --verbose", - } + "postCommit": { + "script": "rake test --verbose", + } - The above is a convenient form which is equivalent to: + The above is a convenient form which is equivalent to: - "postCommit": { - "command": ["/bin/sh", "-ic"], - "args": ["rake test --verbose"] - } + "postCommit": { + "command": ["/bin/sh", "-ic"], + "args": ["rake test --verbose"] + } 2. A command as the image entrypoint: - "postCommit": { - "commit": ["rake", "test", "--verbose"] - } + "postCommit": { + "commit": ["rake", "test", "--verbose"] + } - Command overrides the image entrypoint in the exec form, as documented in - Docker: https://docs.docker.com/engine/reference/builder/#entrypoint. + Command overrides the image entrypoint in the exec form, as documented in + Docker: https://docs.docker.com/engine/reference/builder/#entrypoint. 3. Pass arguments to the default entrypoint: - "postCommit": { - "args": ["rake", "test", "--verbose"] - } + "postCommit": { + "args": ["rake", "test", "--verbose"] + } - This form is only useful if the image entrypoint can handle arguments. + This form is only useful if the image entrypoint can handle arguments. 4. Shell script with arguments: - "postCommit": { - "script": "rake test $1", - "args": ["--verbose"] - } + "postCommit": { + "script": "rake test $1", + "args": ["--verbose"] + } - This form is useful if you need to pass arguments that would otherwise be - hard to quote properly in the shell script. In the script, $0 will be - "/bin/sh" and $1, $2, etc, are the positional arguments from Args. + This form is useful if you need to pass arguments that would otherwise be + hard to quote properly in the shell script. In the script, $0 will be + "/bin/sh" and $1, $2, etc, are the positional arguments from Args. 5. Command with arguments: - "postCommit": { - "command": ["rake", "test"], - "args": ["--verbose"] - } + "postCommit": { + "command": ["rake", "test"], + "args": ["--verbose"] + } - This form is equivalent to appending the arguments to the Command slice. + This form is equivalent to appending the arguments to the Command slice. It is invalid to provide both Script and Command simultaneously. If none of the fields are specified, the hook is not executed. | `resources` -| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceRequirements[`ResourceRequirements`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceRequirements_v2[`ResourceRequirements_v2`] | resources computes resource requirements to execute the build. | `revision` @@ -261,53 +261,53 @@ There are five different ways to configure the hook. As an example, all forms be 1. Shell script: - "postCommit": { - "script": "rake test --verbose", - } + "postCommit": { + "script": "rake test --verbose", + } - The above is a convenient form which is equivalent to: + The above is a convenient form which is equivalent to: - "postCommit": { - "command": ["/bin/sh", "-ic"], - "args": ["rake test --verbose"] - } + "postCommit": { + "command": ["/bin/sh", "-ic"], + "args": ["rake test --verbose"] + } 2. A command as the image entrypoint: - "postCommit": { - "commit": ["rake", "test", "--verbose"] - } + "postCommit": { + "commit": ["rake", "test", "--verbose"] + } - Command overrides the image entrypoint in the exec form, as documented in - Docker: https://docs.docker.com/engine/reference/builder/#entrypoint. + Command overrides the image entrypoint in the exec form, as documented in + Docker: https://docs.docker.com/engine/reference/builder/#entrypoint. 3. Pass arguments to the default entrypoint: - "postCommit": { - "args": ["rake", "test", "--verbose"] - } + "postCommit": { + "args": ["rake", "test", "--verbose"] + } - This form is only useful if the image entrypoint can handle arguments. + This form is only useful if the image entrypoint can handle arguments. 4. Shell script with arguments: - "postCommit": { - "script": "rake test $1", - "args": ["--verbose"] - } + "postCommit": { + "script": "rake test $1", + "args": ["--verbose"] + } - This form is useful if you need to pass arguments that would otherwise be - hard to quote properly in the shell script. In the script, $0 will be - "/bin/sh" and $1, $2, etc, are the positional arguments from Args. + This form is useful if you need to pass arguments that would otherwise be + hard to quote properly in the shell script. In the script, $0 will be + "/bin/sh" and $1, $2, etc, are the positional arguments from Args. 5. Command with arguments: - "postCommit": { - "command": ["rake", "test"], - "args": ["--verbose"] - } + "postCommit": { + "command": ["rake", "test"], + "args": ["--verbose"] + } - This form is equivalent to appending the arguments to the Command slice. + This form is equivalent to appending the arguments to the Command slice. It is invalid to provide both Script and Command simultaneously. If none of the fields are specified, the hook is not executed. -- @@ -1052,15 +1052,15 @@ Required:: | Property | Type | Description | `configMap` -| xref:../objects/index.adoc#io.k8s.api.core.v1.ConfigMapVolumeSource_v2[`ConfigMapVolumeSource_v2`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.ConfigMapVolumeSource[`ConfigMapVolumeSource`] | configMap represents a ConfigMap that should populate this volume | `csi` -| xref:../objects/index.adoc#io.k8s.api.core.v1.CSIVolumeSource_v2[`CSIVolumeSource_v2`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.CSIVolumeSource[`CSIVolumeSource`] | csi represents ephemeral storage provided by external CSI drivers which support this capability | `secret` -| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretVolumeSource_v2[`SecretVolumeSource_v2`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretVolumeSource[`SecretVolumeSource`] | secret represents a Secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret | `type` @@ -1258,15 +1258,15 @@ Required:: | Property | Type | Description | `configMap` -| xref:../objects/index.adoc#io.k8s.api.core.v1.ConfigMapVolumeSource_v2[`ConfigMapVolumeSource_v2`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.ConfigMapVolumeSource[`ConfigMapVolumeSource`] | configMap represents a ConfigMap that should populate this volume | `csi` -| xref:../objects/index.adoc#io.k8s.api.core.v1.CSIVolumeSource_v2[`CSIVolumeSource_v2`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.CSIVolumeSource[`CSIVolumeSource`] | csi represents ephemeral storage provided by external CSI drivers which support this capability | `secret` -| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretVolumeSource_v2[`SecretVolumeSource_v2`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretVolumeSource[`SecretVolumeSource`] | secret represents a Secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret | `type` @@ -2522,6 +2522,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -2724,6 +2727,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -2767,6 +2773,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -2891,6 +2900,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/workloads_apis/buildconfig-build-openshift-io-v1.adoc b/rest_api/workloads_apis/buildconfig-build-openshift-io-v1.adoc index f48d91ba66..c76771fda5 100644 --- a/rest_api/workloads_apis/buildconfig-build-openshift-io-v1.adoc +++ b/rest_api/workloads_apis/buildconfig-build-openshift-io-v1.adoc @@ -40,7 +40,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `spec` @@ -103,58 +103,58 @@ There are five different ways to configure the hook. As an example, all forms be 1. Shell script: - "postCommit": { - "script": "rake test --verbose", - } + "postCommit": { + "script": "rake test --verbose", + } - The above is a convenient form which is equivalent to: + The above is a convenient form which is equivalent to: - "postCommit": { - "command": ["/bin/sh", "-ic"], - "args": ["rake test --verbose"] - } + "postCommit": { + "command": ["/bin/sh", "-ic"], + "args": ["rake test --verbose"] + } 2. A command as the image entrypoint: - "postCommit": { - "commit": ["rake", "test", "--verbose"] - } + "postCommit": { + "commit": ["rake", "test", "--verbose"] + } - Command overrides the image entrypoint in the exec form, as documented in - Docker: https://docs.docker.com/engine/reference/builder/#entrypoint. + Command overrides the image entrypoint in the exec form, as documented in + Docker: https://docs.docker.com/engine/reference/builder/#entrypoint. 3. Pass arguments to the default entrypoint: - "postCommit": { - "args": ["rake", "test", "--verbose"] - } + "postCommit": { + "args": ["rake", "test", "--verbose"] + } - This form is only useful if the image entrypoint can handle arguments. + This form is only useful if the image entrypoint can handle arguments. 4. Shell script with arguments: - "postCommit": { - "script": "rake test $1", - "args": ["--verbose"] - } + "postCommit": { + "script": "rake test $1", + "args": ["--verbose"] + } - This form is useful if you need to pass arguments that would otherwise be - hard to quote properly in the shell script. In the script, $0 will be - "/bin/sh" and $1, $2, etc, are the positional arguments from Args. + This form is useful if you need to pass arguments that would otherwise be + hard to quote properly in the shell script. In the script, $0 will be + "/bin/sh" and $1, $2, etc, are the positional arguments from Args. 5. Command with arguments: - "postCommit": { - "command": ["rake", "test"], - "args": ["--verbose"] - } + "postCommit": { + "command": ["rake", "test"], + "args": ["--verbose"] + } - This form is equivalent to appending the arguments to the Command slice. + This form is equivalent to appending the arguments to the Command slice. It is invalid to provide both Script and Command simultaneously. If none of the fields are specified, the hook is not executed. | `resources` -| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceRequirements[`ResourceRequirements`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceRequirements_v2[`ResourceRequirements_v2`] | resources computes resource requirements to execute the build. | `revision` @@ -277,53 +277,53 @@ There are five different ways to configure the hook. As an example, all forms be 1. Shell script: - "postCommit": { - "script": "rake test --verbose", - } + "postCommit": { + "script": "rake test --verbose", + } - The above is a convenient form which is equivalent to: + The above is a convenient form which is equivalent to: - "postCommit": { - "command": ["/bin/sh", "-ic"], - "args": ["rake test --verbose"] - } + "postCommit": { + "command": ["/bin/sh", "-ic"], + "args": ["rake test --verbose"] + } 2. A command as the image entrypoint: - "postCommit": { - "commit": ["rake", "test", "--verbose"] - } + "postCommit": { + "commit": ["rake", "test", "--verbose"] + } - Command overrides the image entrypoint in the exec form, as documented in - Docker: https://docs.docker.com/engine/reference/builder/#entrypoint. + Command overrides the image entrypoint in the exec form, as documented in + Docker: https://docs.docker.com/engine/reference/builder/#entrypoint. 3. Pass arguments to the default entrypoint: - "postCommit": { - "args": ["rake", "test", "--verbose"] - } + "postCommit": { + "args": ["rake", "test", "--verbose"] + } - This form is only useful if the image entrypoint can handle arguments. + This form is only useful if the image entrypoint can handle arguments. 4. Shell script with arguments: - "postCommit": { - "script": "rake test $1", - "args": ["--verbose"] - } + "postCommit": { + "script": "rake test $1", + "args": ["--verbose"] + } - This form is useful if you need to pass arguments that would otherwise be - hard to quote properly in the shell script. In the script, $0 will be - "/bin/sh" and $1, $2, etc, are the positional arguments from Args. + This form is useful if you need to pass arguments that would otherwise be + hard to quote properly in the shell script. In the script, $0 will be + "/bin/sh" and $1, $2, etc, are the positional arguments from Args. 5. Command with arguments: - "postCommit": { - "command": ["rake", "test"], - "args": ["--verbose"] - } + "postCommit": { + "command": ["rake", "test"], + "args": ["--verbose"] + } - This form is equivalent to appending the arguments to the Command slice. + This form is equivalent to appending the arguments to the Command slice. It is invalid to provide both Script and Command simultaneously. If none of the fields are specified, the hook is not executed. -- @@ -1068,15 +1068,15 @@ Required:: | Property | Type | Description | `configMap` -| xref:../objects/index.adoc#io.k8s.api.core.v1.ConfigMapVolumeSource_v2[`ConfigMapVolumeSource_v2`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.ConfigMapVolumeSource[`ConfigMapVolumeSource`] | configMap represents a ConfigMap that should populate this volume | `csi` -| xref:../objects/index.adoc#io.k8s.api.core.v1.CSIVolumeSource_v2[`CSIVolumeSource_v2`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.CSIVolumeSource[`CSIVolumeSource`] | csi represents ephemeral storage provided by external CSI drivers which support this capability | `secret` -| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretVolumeSource_v2[`SecretVolumeSource_v2`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretVolumeSource[`SecretVolumeSource`] | secret represents a Secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret | `type` @@ -1274,15 +1274,15 @@ Required:: | Property | Type | Description | `configMap` -| xref:../objects/index.adoc#io.k8s.api.core.v1.ConfigMapVolumeSource_v2[`ConfigMapVolumeSource_v2`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.ConfigMapVolumeSource[`ConfigMapVolumeSource`] | configMap represents a ConfigMap that should populate this volume | `csi` -| xref:../objects/index.adoc#io.k8s.api.core.v1.CSIVolumeSource_v2[`CSIVolumeSource_v2`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.CSIVolumeSource[`CSIVolumeSource`] | csi represents ephemeral storage provided by external CSI drivers which support this capability | `secret` -| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretVolumeSource_v2[`SecretVolumeSource_v2`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretVolumeSource[`SecretVolumeSource`] | secret represents a Secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret | `type` @@ -2029,6 +2029,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -2231,6 +2234,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -2274,6 +2280,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/workloads_apis/buildrequest-build-openshift-io-v1.adoc b/rest_api/workloads_apis/buildrequest-build-openshift-io-v1.adoc index 0437564883..8050ca0492 100644 --- a/rest_api/workloads_apis/buildrequest-build-openshift-io-v1.adoc +++ b/rest_api/workloads_apis/buildrequest-build-openshift-io-v1.adoc @@ -56,7 +56,7 @@ Type:: | lastVersion (optional) is the LastVersion of the BuildConfig that was used to generate the build. If the BuildConfig in the generator doesn't match, a build will not be generated. | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `revision` @@ -940,6 +940,9 @@ The following API endpoints are available: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. @@ -1001,6 +1004,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/workloads_apis/deploymentconfig-apps-openshift-io-v1.adoc b/rest_api/workloads_apis/deploymentconfig-apps-openshift-io-v1.adoc index d79487add2..0a314f9acb 100644 --- a/rest_api/workloads_apis/deploymentconfig-apps-openshift-io-v1.adoc +++ b/rest_api/workloads_apis/deploymentconfig-apps-openshift-io-v1.adoc @@ -40,7 +40,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] | | `spec` @@ -148,7 +148,7 @@ Type:: | RecreateDeploymentStrategyParams are the input to the Recreate deployment strategy. | `resources` -| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceRequirements[`ResourceRequirements`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceRequirements_v2[`ResourceRequirements_v2`] | Resources contains resource requirements to execute the deployment and any hooks. | `rollingParams` @@ -1475,6 +1475,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -1677,6 +1680,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -1720,6 +1726,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters @@ -1877,6 +1886,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `force` | `boolean` | Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. @@ -1920,6 +1932,9 @@ Description:: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |=== .Body parameters diff --git a/rest_api/workloads_apis/deploymentconfigrollback-apps-openshift-io-v1.adoc b/rest_api/workloads_apis/deploymentconfigrollback-apps-openshift-io-v1.adoc index f162ecd0a4..a2f88a0c88 100644 --- a/rest_api/workloads_apis/deploymentconfigrollback-apps-openshift-io-v1.adoc +++ b/rest_api/workloads_apis/deploymentconfigrollback-apps-openshift-io-v1.adoc @@ -132,6 +132,9 @@ The following API endpoints are available: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/workloads_apis/deploymentrequest-apps-openshift-io-v1.adoc b/rest_api/workloads_apis/deploymentrequest-apps-openshift-io-v1.adoc index 57515b99f9..476eff4da9 100644 --- a/rest_api/workloads_apis/deploymentrequest-apps-openshift-io-v1.adoc +++ b/rest_api/workloads_apis/deploymentrequest-apps-openshift-io-v1.adoc @@ -89,6 +89,9 @@ The following API endpoints are available: | `fieldManager` | `string` | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. | `pretty` | `string` | If 'true', then the output is pretty printed. diff --git a/rest_api/workloads_apis/pod-v1.adoc b/rest_api/workloads_apis/pod-v1.adoc index b41a96f374..f8f4f4dc10 100644 --- a/rest_api/workloads_apis/pod-v1.adoc +++ b/rest_api/workloads_apis/pod-v1.adoc @@ -193,6 +193,18 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi | `object` | PodReadinessGate contains the reference to a pod condition +| `resourceClaims` +| `array` +| ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `resourceClaims[]` +| `object` +| PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name. + | `restartPolicy` | `string` | Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy @@ -210,6 +222,16 @@ Possible enum values: | `string` | If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. +| `schedulingGates` +| `array` +| SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. + +This is an alpha-level feature enabled by PodSchedulingReadiness feature gate. + +| `schedulingGates[]` +| `object` +| PodSchedulingGate is associated to a Pod to guard its scheduling. + | `securityContext` | `object` | PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext. @@ -2365,6 +2387,18 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -2373,6 +2407,47 @@ Type:: | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.containers[].resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.containers[].resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.containers[].securityContext Description:: @@ -4327,6 +4402,18 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -4335,6 +4422,47 @@ Type:: | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.ephemeralContainers[].resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.ephemeralContainers[].resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.ephemeralContainers[].securityContext Description:: @@ -6282,6 +6410,18 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -6290,6 +6430,47 @@ Type:: | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.initContainers[].resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.initContainers[].resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.initContainers[].securityContext Description:: @@ -6870,6 +7051,126 @@ Required:: | `string` | ConditionType refers to a condition in the pod's condition list with matching type. +|=== +=== .spec.resourceClaims +Description:: ++ +-- +ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.resourceClaims[] +Description:: ++ +-- +PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL. + +| `source` +| `object` +| ClaimSource describes a reference to a ResourceClaim. + +Exactly one of these fields should be set. Consumers of this type must treat an empty object as if it has an unknown value. + +|=== +=== .spec.resourceClaims[].source +Description:: ++ +-- +ClaimSource describes a reference to a ResourceClaim. + +Exactly one of these fields should be set. Consumers of this type must treat an empty object as if it has an unknown value. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `resourceClaimName` +| `string` +| ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod. + +| `resourceClaimTemplateName` +| `string` +| ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. + +The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be -, where is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). + +An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. + +This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim. + +|=== +=== .spec.schedulingGates +Description:: ++ +-- +SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. + +This is an alpha-level feature enabled by PodSchedulingReadiness feature gate. +-- + +Type:: + `array` + + + + +=== .spec.schedulingGates[] +Description:: ++ +-- +PodSchedulingGate is associated to a Pod to guard its scheduling. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name of the scheduling gate. Each scheduling gate must have a unique name field. + |=== === .spec.securityContext Description:: @@ -6922,7 +7223,7 @@ If unset, the Kubelet will not modify the ownership and permissions of any volum | `supplementalGroups` | `array (integer)` -| A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows. +| A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. | `sysctls` | `array` @@ -7200,13 +7501,13 @@ This is a beta field and requires the MinDomainsInPodTopologySpread feature gate | `string` | NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. -If this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. +If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `nodeTaintsPolicy` | `string` | NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. -If this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. +If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `topologyKey` | `string` @@ -8017,7 +8318,14 @@ Type:: | `dataSourceRef` | `object` -| TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` @@ -8077,7 +8385,14 @@ Required:: Description:: + -- -TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -8105,6 +8420,10 @@ Required:: | `string` | Name is the name of resource being referenced +| `namespace` +| `string` +| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + |=== === .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources Description:: @@ -8123,6 +8442,18 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -8131,6 +8462,47 @@ Type:: | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.volumes[].fc Description:: diff --git a/rest_api/workloads_apis/replicaset-apps-v1.adoc b/rest_api/workloads_apis/replicaset-apps-v1.adoc index 4467b57b50..2889690b68 100644 --- a/rest_api/workloads_apis/replicaset-apps-v1.adoc +++ b/rest_api/workloads_apis/replicaset-apps-v1.adoc @@ -127,7 +127,7 @@ Required:: | `replicas` | `integer` -| Replicas is the most recently oberved number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller +| Replicas is the most recently observed number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller |=== === .status.conditions diff --git a/rest_api/workloads_apis/replicationcontroller-v1.adoc b/rest_api/workloads_apis/replicationcontroller-v1.adoc index 8f97375982..3d78cb02c8 100644 --- a/rest_api/workloads_apis/replicationcontroller-v1.adoc +++ b/rest_api/workloads_apis/replicationcontroller-v1.adoc @@ -253,6 +253,18 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi | `object` | PodReadinessGate contains the reference to a pod condition +| `resourceClaims` +| `array` +| ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `resourceClaims[]` +| `object` +| PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name. + | `restartPolicy` | `string` | Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy @@ -270,6 +282,16 @@ Possible enum values: | `string` | If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. +| `schedulingGates` +| `array` +| SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. + +This is an alpha-level feature enabled by PodSchedulingReadiness feature gate. + +| `schedulingGates[]` +| `object` +| PodSchedulingGate is associated to a Pod to guard its scheduling. + | `securityContext` | `object` | PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext. @@ -2425,6 +2447,18 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -2433,6 +2467,47 @@ Type:: | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.template.spec.containers[].resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.template.spec.containers[].resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.template.spec.containers[].securityContext Description:: @@ -4387,6 +4462,18 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -4395,6 +4482,47 @@ Type:: | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.template.spec.ephemeralContainers[].resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.template.spec.ephemeralContainers[].resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.template.spec.ephemeralContainers[].securityContext Description:: @@ -6342,6 +6470,18 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -6350,6 +6490,47 @@ Type:: | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.template.spec.initContainers[].resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.template.spec.initContainers[].resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.template.spec.initContainers[].securityContext Description:: @@ -6930,6 +7111,126 @@ Required:: | `string` | ConditionType refers to a condition in the pod's condition list with matching type. +|=== +=== .spec.template.spec.resourceClaims +Description:: ++ +-- +ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.template.spec.resourceClaims[] +Description:: ++ +-- +PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL. + +| `source` +| `object` +| ClaimSource describes a reference to a ResourceClaim. + +Exactly one of these fields should be set. Consumers of this type must treat an empty object as if it has an unknown value. + +|=== +=== .spec.template.spec.resourceClaims[].source +Description:: ++ +-- +ClaimSource describes a reference to a ResourceClaim. + +Exactly one of these fields should be set. Consumers of this type must treat an empty object as if it has an unknown value. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `resourceClaimName` +| `string` +| ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod. + +| `resourceClaimTemplateName` +| `string` +| ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. + +The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be -, where is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). + +An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. + +This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim. + +|=== +=== .spec.template.spec.schedulingGates +Description:: ++ +-- +SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. + +This is an alpha-level feature enabled by PodSchedulingReadiness feature gate. +-- + +Type:: + `array` + + + + +=== .spec.template.spec.schedulingGates[] +Description:: ++ +-- +PodSchedulingGate is associated to a Pod to guard its scheduling. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name of the scheduling gate. Each scheduling gate must have a unique name field. + |=== === .spec.template.spec.securityContext Description:: @@ -6982,7 +7283,7 @@ If unset, the Kubelet will not modify the ownership and permissions of any volum | `supplementalGroups` | `array (integer)` -| A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows. +| A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. | `sysctls` | `array` @@ -7260,13 +7561,13 @@ This is a beta field and requires the MinDomainsInPodTopologySpread feature gate | `string` | NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. -If this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. +If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `nodeTaintsPolicy` | `string` | NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. -If this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. +If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `topologyKey` | `string` @@ -8077,7 +8378,14 @@ Type:: | `dataSourceRef` | `object` -| TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` @@ -8137,7 +8445,14 @@ Required:: Description:: + -- -TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -8165,6 +8480,10 @@ Required:: | `string` | Name is the name of resource being referenced +| `namespace` +| `string` +| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + |=== === .spec.template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources Description:: @@ -8183,6 +8502,18 @@ Type:: |=== | Property | Type | Description +| `claims` +| `array` +| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. + +| `claims[]` +| `object` +| ResourceClaim references one entry in PodSpec.ResourceClaims. + | `limits` | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -8191,6 +8522,47 @@ Type:: | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +|=== +=== .spec.template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims +Description:: ++ +-- +Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + +This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + +This field is immutable. +-- + +Type:: + `array` + + + + +=== .spec.template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims[] +Description:: ++ +-- +ResourceClaim references one entry in PodSpec.ResourceClaims. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + |=== === .spec.template.spec.volumes[].fc Description:: @@ -9503,7 +9875,7 @@ Required:: | `replicas` | `integer` -| Replicas is the most recently oberved number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller +| Replicas is the most recently observed number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller |=== === .status.conditions diff --git a/rest_api/workloads_apis/statefulset-apps-v1.adoc b/rest_api/workloads_apis/statefulset-apps-v1.adoc index b52582a607..8bcac577c7 100644 --- a/rest_api/workloads_apis/statefulset-apps-v1.adoc +++ b/rest_api/workloads_apis/statefulset-apps-v1.adoc @@ -75,6 +75,10 @@ Required:: | `integer` | Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) +| `ordinals` +| `object` +| StatefulSetOrdinals describes the policy used for replica ordinal assignment in this StatefulSet. + | `persistentVolumeClaimRetentionPolicy` | `object` | StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs created from the StatefulSet VolumeClaimTemplates. @@ -105,7 +109,7 @@ Possible enum values: | `template` | xref:../objects/index.adoc#io.k8s.api.core.v1.PodTemplateSpec[`PodTemplateSpec`] -| template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet. +| template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet. Each pod will be named with the format -. For example, a pod in a StatefulSet named "web" with index number "3" would be named "web-3". | `updateStrategy` | `object` @@ -115,6 +119,31 @@ Possible enum values: | xref:../storage_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`array (PersistentVolumeClaim)`] | volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name. +|=== +=== .spec.ordinals +Description:: ++ +-- +StatefulSetOrdinals describes the policy used for replica ordinal assignment in this StatefulSet. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `start` +| `integer` +| start is the number representing the first replica's index. It may be used to number replicas from an alternate index (eg: 1-indexed) over the default 0-indexed names, or to orchestrate progressive movement of replicas from one StatefulSet to another. If set, replica indices will be in the range: + [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas). +If unset, defaults to 0. Replica indices will be in the range: + [0, .spec.replicas). + |=== === .spec.persistentVolumeClaimRetentionPolicy Description:: diff --git a/rest_api/workloads_apis/workloads-apis-index.adoc b/rest_api/workloads_apis/workloads-apis-index.adoc index b4466d53fe..7343f1e80d 100644 --- a/rest_api/workloads_apis/workloads-apis-index.adoc +++ b/rest_api/workloads_apis/workloads-apis-index.adoc @@ -178,17 +178,6 @@ Description:: ReplicationController represents the configuration of a replication controller. -- -Type:: - `object` - -== PersistentVolume [v1] - -Description:: -+ --- -PersistentVolume (PV) is a storage resource provisioned by an administrator. It is analogous to a node. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes --- - Type:: `object`