diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index ca320cf499..4e77e35b0c 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -3519,6 +3519,49 @@ Topics: File: horizontalpodautoscaler-autoscaling-v2 - Name: 'Scale [autoscaling/v1]' File: scale-autoscaling-v1 +- Name: Cluster APIs + Dir: cluster_apis + Topics: + - Name: About Cluster APIs + File: cluster-apis-index + - Name: 'Cluster [cluster.x-k8s.io/v1beta1]' + File: cluster-cluster-x-k8s-io-v1beta1 + - Name: 'ClusterClass [cluster.x-k8s.io/v1beta1]' + File: clusterclass-cluster-x-k8s-io-v1beta1 + - Name: 'ExtensionConfig [runtime.cluster.x-k8s.io/v1alpha1]' + File: extensionconfig-runtime-cluster-x-k8s-io-v1alpha1 + - Name: 'Machine [cluster.x-k8s.io/v1beta1]' + File: machine-cluster-x-k8s-io-v1beta1 + - Name: 'MachineDeployment [cluster.x-k8s.io/v1beta1]' + File: machinedeployment-cluster-x-k8s-io-v1beta1 + - Name: 'MachineHealthCheck [cluster.x-k8s.io/v1beta1]' + File: machinehealthcheck-cluster-x-k8s-io-v1beta1 + - Name: 'MachinePool [cluster.x-k8s.io/v1beta1]' + File: machinepool-cluster-x-k8s-io-v1beta1 + - Name: 'MachineSet [cluster.x-k8s.io/v1beta1]' + File: machineset-cluster-x-k8s-io-v1beta1 + - Name: 'ClusterResourceSet [addons.cluster.x-k8s.io/v1beta1]' + File: clusterresourceset-addons-cluster-x-k8s-io-v1beta1 + - Name: 'ClusterResourceSetBinding [addons.cluster.x-k8s.io/v1beta1]' + File: clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1 + - Name: 'GCPCluster [infrastructure.cluster.x-k8s.io/v1beta1]' + File: gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1 + - Name: 'GCPClusterTemplate [infrastructure.cluster.x-k8s.io/v1beta1]' + File: gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1 + - Name: 'GCPMachine [infrastructure.cluster.x-k8s.io/v1beta1]' + File: gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1 + - Name: 'GCPMachineTemplate [infrastructure.cluster.x-k8s.io/v1beta1]' + File: gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1 + - Name: 'GCPManagedCluster [infrastructure.cluster.x-k8s.io/v1beta1]' + File: gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1 + - Name: 'GCPManagedControlPlane [infrastructure.cluster.x-k8s.io/v1beta1]' + File: gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1 + - Name: 'GCPManagedMachinePool [infrastructure.cluster.x-k8s.io/v1beta1]' + File: gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1 + - Name: 'IPAddress [ipam.cluster.x-k8s.io/v1beta1]' + File: ipaddress-ipam-cluster-x-k8s-io-v1beta1 + - Name: 'IPAddressClaim [ipam.cluster.x-k8s.io/v1beta1]' + File: ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1 - Name: Config APIs Dir: config_apis Topics: @@ -3528,8 +3571,12 @@ Topics: File: apiserver-config-openshift-io-v1 - Name: 'Authentication [config.openshift.io/v1]' File: authentication-config-openshift-io-v1 + - Name: 'Backup [config.openshift.io/v1alpha1]' + File: backup-config-openshift-io-v1alpha1 - Name: 'Build [config.openshift.io/v1]' File: build-config-openshift-io-v1 + - Name: 'ClusterImagePolicy [config.openshift.io/v1alpha1]' + File: clusterimagepolicy-config-openshift-io-v1alpha1 - Name: 'ClusterOperator [config.openshift.io/v1]' File: clusteroperator-config-openshift-io-v1 - Name: 'ClusterVersion [config.openshift.io/v1]' @@ -3550,6 +3597,8 @@ Topics: File: imagecontentpolicy-config-openshift-io-v1 - Name: 'ImageTagMirrorSet [config.openshift.io/v1]' File: imagetagmirrorset-config-openshift-io-v1 + - Name: 'InsightsDataGather [config.openshift.io/v1alpha1]' + File: insightsdatagather-config-openshift-io-v1alpha1 - Name: 'Infrastructure [config.openshift.io/v1]' File: infrastructure-config-openshift-io-v1 - Name: 'Ingress [config.openshift.io/v1]' @@ -3602,6 +3651,10 @@ Topics: File: customresourcedefinition-apiextensions-k8s-io-v1 - Name: 'MutatingWebhookConfiguration [admissionregistration.k8s.io/v1]' File: mutatingwebhookconfiguration-admissionregistration-k8s-io-v1 + - Name: 'ValidatingAdmissionPolicy [admissionregistration.k8s.io/v1]' + File: validatingadmissionpolicy-admissionregistration-k8s-io-v1 + - Name: 'ValidatingAdmissionPolicyBinding [admissionregistration.k8s.io/v1]' + File: validatingadmissionpolicybinding-admissionregistration-k8s-io-v1 - Name: 'ValidatingWebhookConfiguration [admissionregistration.k8s.io/v1]' File: validatingwebhookconfiguration-admissionregistration-k8s-io-v1 - Name: Image APIs @@ -3652,6 +3705,14 @@ Topics: File: machine-machine-openshift-io-v1beta1 - Name: 'MachineSet [machine.openshift.io/v1beta1]' File: machineset-machine-openshift-io-v1beta1 + - Name: 'MachineConfigNode [machineconfiguration.openshift.io/v1alpha1]' + File: machineconfignode-machineconfiguration-openshift-io-v1alpha1 + - Name: 'MachineOSBuild [machineconfiguration.openshift.io/v1alpha1]' + File: machineosbuild-machineconfiguration-openshift-io-v1alpha1 + - Name: 'MachineOSConfig [machineconfiguration.openshift.io/v1alpha1]' + File: machineosconfig-machineconfiguration-openshift-io-v1alpha1 + - Name: 'PinnedImageSet [machineconfiguration.openshift.io/v1alpha1]' + File: pinnedimageset-machineconfiguration-openshift-io-v1alpha1 - Name: Metadata APIs Dir: metadata_apis Topics: @@ -3675,6 +3736,8 @@ Topics: File: lease-coordination-k8s-io-v1 - Name: 'Namespace [undefined/v1]' File: namespace-v1 + - Name: 'SharedConfigMap [sharedresource.openshift.io/v1alpha1]' + File: sharedconfigmap-sharedresource-openshift-io-v1alpha1 - Name: Monitoring APIs Dir: monitoring_apis Topics: @@ -3688,6 +3751,8 @@ Topics: File: alertrelabelconfig-monitoring-openshift-io-v1 - Name: 'AlertingRule [monitoring.openshift.io/v1]' File: alertingrule-monitoring-openshift-io-v1 + - Name: 'DataGather [insights.openshift.io/v1alpha1]' + File: datagather-insights-openshift-io-v1alpha1 - Name: 'PodMonitor [monitoring.coreos.com/v1]' File: podmonitor-monitoring-coreos-com-v1 - Name: 'Probe [monitoring.coreos.com/v1]' @@ -3700,6 +3765,10 @@ Topics: File: servicemonitor-monitoring-coreos-com-v1 - Name: 'ThanosRuler [monitoring.coreos.com/v1]' File: thanosruler-monitoring-coreos-com-v1 + - Name: 'NodeMetrics [metrics.k8s.io/v1beta1]' + File: nodemetrics-metrics-k8s-io-v1beta1 + - Name: 'PodMetrics [metrics.k8s.io/v1beta1]' + File: podmetrics-metrics-k8s-io-v1beta1 - Name: Network APIs Dir: network_apis Topics: @@ -3713,6 +3782,8 @@ Topics: File: baselineadminnetworkpolicy-policy-networking-k8s-io-v1alpha1 - Name: 'CloudPrivateIPConfig [cloud.network.openshift.io/v1]' File: cloudprivateipconfig-cloud-network-openshift-io-v1 + - Name: 'DNSNameResolver [network.openshift.io/v1alpha1]' + File: dnsnameresolver-network-openshift-io-v1alpha1 - Name: 'EgressFirewall [k8s.ovn.org/v1]' File: egressfirewall-k8s-ovn-org-v1 - Name: 'EgressIP [k8s.ovn.org/v1]' @@ -3731,10 +3802,8 @@ Topics: File: ingress-networking-k8s-io-v1 - Name: 'IngressClass [networking.k8s.io/v1]' File: ingressclass-networking-k8s-io-v1 - - Name: 'IPAddress [ipam.cluster.x-k8s.io/v1beta1]' - File: ipaddress-ipam-cluster-x-k8s-io-v1beta1 - - Name: 'IPAddressClaim [ipam.cluster.x-k8s.io/v1beta1]' - File: ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1 + - Name: 'IPAMClaim [k8s.cni.cncf.io/v1alpha1]' + File: ipamclaim-k8s-cni-cncf-io-v1alpha1 - Name: 'IPPool [whereabouts.cni.cncf.io/v1alpha1]' File: ippool-whereabouts-cni-cncf-io-v1alpha1 - Name: 'NetworkAttachmentDefinition [k8s.cni.cncf.io/v1]' @@ -3749,6 +3818,8 @@ Topics: File: route-route-openshift-io-v1 - Name: 'Service [undefined/v1]' File: service-v1 + - Name: 'UserDefinedNetwork [k8s.ovn.org/v1]' + File: userdefinednetwork-k8s-ovn-org-v1 - Name: Node APIs Dir: node_apis Topics: @@ -3806,6 +3877,8 @@ Topics: File: dnsrecord-ingress-operator-openshift-io-v1 - Name: 'Etcd [operator.openshift.io/v1]' File: etcd-operator-openshift-io-v1 + - Name: 'EtcdBackup [operator.openshift.io/v1alpha1]' + File: etcdbackup-operator-openshift-io-v1alpha1 - Name: 'ImageContentSourcePolicy [operator.openshift.io/v1alpha1]' File: imagecontentsourcepolicy-operator-openshift-io-v1alpha1 - Name: 'ImagePruner [imageregistry.operator.openshift.io/v1]' @@ -3843,10 +3916,16 @@ Topics: File: operatorhub-apis-index - Name: 'CatalogSource [operators.coreos.com/v1alpha1]' File: catalogsource-operators-coreos-com-v1alpha1 + - Name: 'ClusterCatalog [catalogd.operatorframework.io/v1alpha1]' + File: clustercatalog-catalogd-operatorframework-io-v1alpha1 + - Name: 'ClusterExtension [olm.operatorframework.io/v1alpha1]' + File: clusterextension-olm-operatorframework-io-v1alpha1 - Name: 'ClusterServiceVersion [operators.coreos.com/v1alpha1]' File: clusterserviceversion-operators-coreos-com-v1alpha1 - Name: 'InstallPlan [operators.coreos.com/v1alpha1]' File: installplan-operators-coreos-com-v1alpha1 + - Name: 'OLM [operator.openshift.io/v1alpha1]' + File: olm-operator-openshift-io-v1alpha1 - Name: 'OLMConfig [operators.coreos.com/v1]' File: olmconfig-operators-coreos-com-v1 - Name: 'Operator [operators.coreos.com/v1]' @@ -3947,10 +4026,24 @@ Topics: File: limitrange-v1 - Name: 'PriorityClass [scheduling.k8s.io/v1]' File: priorityclass-scheduling-k8s-io-v1 + - Name: 'PodSchedulingContext [resource.k8s.io/v1alpha2]' + File: podschedulingcontext-resource-k8s-io-v1alpha2 - Name: 'PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1]' File: prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1 - Name: 'ResourceQuota [undefined/v1]' File: resourcequota-v1 + - Name: 'ResourceClaim [resource.k8s.io/v1alpha2]' + File: resourceclaim-resource-k8s-io-v1alpha2 + - Name: 'ResourceClaimParameters [resource.k8s.io/v1alpha2]' + File: resourceclaimparameters-resource-k8s-io-v1alpha2 + - Name: 'ResourceClaimTemplate [resource.k8s.io/v1alpha2]' + File: resourceclaimtemplate-resource-k8s-io-v1alpha2 + - Name: 'ResourceClass [resource.k8s.io/v1alpha2]' + File: resourceclass-resource-k8s-io-v1alpha2 + - Name: 'ResourceClassParameters [resource.k8s.io/v1alpha2]' + File: resourceclassparameters-resource-k8s-io-v1alpha2 + - Name: 'ResourceSlice [resource.k8s.io/v1alpha2]' + File: resourceslice-resource-k8s-io-v1alpha2 - Name: Security APIs Dir: security_apis Topics: @@ -3968,6 +4061,8 @@ Topics: File: podsecuritypolicysubjectreview-security-openshift-io-v1 - Name: 'RangeAllocation [security.openshift.io/v1]' File: rangeallocation-security-openshift-io-v1 + - Name: 'SharedSecret [sharedresource.openshift.io/v1alpha1]' + File: sharedsecret-sharedresource-openshift-io-v1alpha1 - Name: 'Secret [undefined/v1]' File: secret-v1 - Name: 'SecurityContextConstraints [security.openshift.io/v1]' @@ -3997,6 +4092,12 @@ Topics: File: storageversionmigration-migration-k8s-io-v1alpha1 - Name: 'VolumeAttachment [storage.k8s.io/v1]' File: volumeattachment-storage-k8s-io-v1 + - Name: 'VolumeGroupSnapshot [groupsnapshot.storage.k8s.io/v1alpha1]' + File: volumegroupsnapshot-groupsnapshot-storage-k8s-io-v1alpha1 + - Name: 'VolumeGroupSnapshotClass [groupsnapshot.storage.k8s.io/v1alpha1]' + File: volumegroupsnapshotclass-groupsnapshot-storage-k8s-io-v1alpha1 + - Name: 'VolumeGroupSnapshotContent [groupsnapshot.storage.k8s.io/v1alpha1]' + File: volumegroupsnapshotcontent-groupsnapshot-storage-k8s-io-v1alpha1 - Name: 'VolumeSnapshot [snapshot.storage.k8s.io/v1]' File: volumesnapshot-snapshot-storage-k8s-io-v1 - Name: 'VolumeSnapshotClass [snapshot.storage.k8s.io/v1]' diff --git a/api-config.yaml b/api-config.yaml index 4b83c9eda3..6af8396803 100644 --- a/api-config.yaml +++ b/api-config.yaml @@ -57,6 +57,65 @@ apiMap: - kind: Scale group: autoscaling version: v1 +- name: Cluster APIs + resources: + - kind: Cluster + group: cluster.x-k8s.io + version: v1beta1 + - kind: ClusterClass + group: cluster.x-k8s.io + version: v1beta1 + - kind: ExtensionConfig + group: runtime.cluster.x-k8s.io + version: v1alpha1 + - kind: Machine + group: cluster.x-k8s.io + version: v1beta1 + - kind: MachineDeployment + group: cluster.x-k8s.io + version: v1beta1 + - kind: MachineHealthCheck + group: cluster.x-k8s.io + version: v1beta1 + - kind: MachinePool + group: cluster.x-k8s.io + version: v1beta1 + - kind: MachineSet + group: cluster.x-k8s.io + version: v1beta1 + - kind: ClusterResourceSet + group: addons.cluster.x-k8s.io + version: v1beta1 + - kind: ClusterResourceSetBinding + group: addons.cluster.x-k8s.io + version: v1beta1 + - kind: GCPCluster + group: infrastructure.cluster.x-k8s.io + version: v1beta1 + - kind: GCPClusterTemplate + group: infrastructure.cluster.x-k8s.io + version: v1beta1 + - kind: GCPMachine + group: infrastructure.cluster.x-k8s.io + version: v1beta1 + - kind: GCPMachineTemplate + group: infrastructure.cluster.x-k8s.io + version: v1beta1 + - kind: GCPManagedCluster + group: infrastructure.cluster.x-k8s.io + version: v1beta1 + - kind: GCPManagedControlPlane + group: infrastructure.cluster.x-k8s.io + version: v1beta1 + - kind: GCPManagedMachinePool + group: infrastructure.cluster.x-k8s.io + version: v1beta1 + - kind: IPAddress + group: ipam.cluster.x-k8s.io + version: v1beta1 + - kind: IPAddressClaim + group: ipam.cluster.x-k8s.io + version: v1beta1 - name: Config APIs resources: - kind: APIServer @@ -65,9 +124,15 @@ apiMap: - kind: Authentication group: config.openshift.io version: v1 + - kind: Backup + group: config.openshift.io + version: v1alpha1 - kind: Build group: config.openshift.io version: v1 + - kind: ClusterImagePolicy + group: config.openshift.io + version: v1alpha1 - kind: ClusterOperator group: config.openshift.io version: v1 @@ -98,6 +163,9 @@ apiMap: - kind: ImageTagMirrorSet group: config.openshift.io version: v1 + - kind: InsightsDataGather + group: config.openshift.io + version: v1alpha1 - kind: Infrastructure group: config.openshift.io version: v1 @@ -165,6 +233,12 @@ apiMap: - kind: MutatingWebhookConfiguration group: admissionregistration.k8s.io version: v1 + - kind: ValidatingAdmissionPolicy + group: admissionregistration.k8s.io + version: v1 + - kind: ValidatingAdmissionPolicyBinding + group: admissionregistration.k8s.io + version: v1 - kind: ValidatingWebhookConfiguration group: admissionregistration.k8s.io version: v1 @@ -229,6 +303,18 @@ apiMap: - kind: MachineSet group: machine.openshift.io version: v1beta1 + - kind: MachineConfigNode + group: machineconfiguration.openshift.io + version: v1alpha1 + - kind: MachineOSBuild + group: machineconfiguration.openshift.io + version: v1alpha1 + - kind: MachineOSConfig + group: machineconfiguration.openshift.io + version: v1alpha1 + - kind: PinnedImageSet + group: machineconfiguration.openshift.io + version: v1alpha1 - name: Metadata APIs resources: - kind: APIRequestCount @@ -253,6 +339,9 @@ apiMap: version: v1 - kind: Namespace version: v1 + - kind: SharedConfigMap + group: sharedresource.openshift.io + version: v1alpha1 - name: Monitoring APIs resources: - kind: Alertmanager @@ -267,6 +356,9 @@ apiMap: - kind: AlertingRule group: monitoring.openshift.io version: v1 + - kind: DataGather + group: insights.openshift.io + version: v1alpha1 - kind: PodMonitor group: monitoring.coreos.com version: v1 @@ -285,6 +377,12 @@ apiMap: - kind: ThanosRuler group: monitoring.coreos.com version: v1 + - kind: NodeMetrics + group: metrics.k8s.io + version: v1beta1 + - kind: PodMetrics + group: metrics.k8s.io + version: v1beta1 - name: Network APIs resources: # OpenShift SDN @@ -303,6 +401,9 @@ apiMap: - kind: CloudPrivateIPConfig group: cloud.network.openshift.io version: v1 + - kind: DNSNameResolver + group: network.openshift.io + version: v1alpha1 - kind: EgressFirewall group: k8s.ovn.org version: v1 @@ -337,12 +438,9 @@ apiMap: - kind: IngressClass group: networking.k8s.io version: v1 - - kind: IPAddress - group: ipam.cluster.x-k8s.io - version: v1beta1 - - kind: IPAddressClaim - group: ipam.cluster.x-k8s.io - version: v1beta1 + - kind: IPAMClaim + group: k8s.cni.cncf.io + version: v1alpha1 - kind: IPPool group: whereabouts.cni.cncf.io version: v1alpha1 @@ -367,6 +465,9 @@ apiMap: version: v1 - kind: Service version: v1 + - kind: UserDefinedNetwork + group: k8s.ovn.org + version: v1 - name: Node APIs resources: - kind: Node @@ -441,6 +542,9 @@ apiMap: - kind: Etcd group: operator.openshift.io version: v1 + - kind: EtcdBackup + group: operator.openshift.io + version: v1alpha1 - kind: ImageContentSourcePolicy group: operator.openshift.io version: v1alpha1 @@ -491,12 +595,21 @@ apiMap: - kind: CatalogSource group: operators.coreos.com version: v1alpha1 + - kind: ClusterCatalog + group: catalogd.operatorframework.io + version: v1alpha1 + - kind: ClusterExtension + group: olm.operatorframework.io + version: v1alpha1 - kind: ClusterServiceVersion group: operators.coreos.com version: v1alpha1 - kind: InstallPlan group: operators.coreos.com version: v1alpha1 + - kind: OLM + group: operator.openshift.io + version: v1alpha1 - kind: OLMConfig group: operators.coreos.com version: v1 @@ -619,11 +732,32 @@ apiMap: - kind: PriorityClass group: scheduling.k8s.io version: v1 + - kind: PodSchedulingContext + group: resource.k8s.io + version: v1alpha2 - kind: PriorityLevelConfiguration group: flowcontrol.apiserver.k8s.io version: v1 - kind: ResourceQuota version: v1 + - kind: ResourceClaim + group: resource.k8s.io + version: v1alpha2 + - kind: ResourceClaimParameters + group: resource.k8s.io + version: v1alpha2 + - kind: ResourceClaimTemplate + group: resource.k8s.io + version: v1alpha2 + - kind: ResourceClass + group: resource.k8s.io + version: v1alpha2 + - kind: ResourceClassParameters + group: resource.k8s.io + version: v1alpha2 + - kind: ResourceSlice + group: resource.k8s.io + version: v1alpha2 - name: Security APIs resources: - kind: CertificateSigningRequest @@ -650,6 +784,9 @@ apiMap: # version: v1 # plural: rangeallocations # namespaced: false + - kind: SharedSecret + group: sharedresource.openshift.io + version: v1alpha1 - kind: Secret version: v1 - kind: SecurityContextConstraints @@ -684,6 +821,15 @@ apiMap: - kind: VolumeAttachment group: storage.k8s.io version: v1 + - kind: VolumeGroupSnapshot + group: groupsnapshot.storage.k8s.io + version: v1alpha1 + - kind: VolumeGroupSnapshotClass + group: groupsnapshot.storage.k8s.io + version: v1alpha1 + - kind: VolumeGroupSnapshotContent + group: groupsnapshot.storage.k8s.io + version: v1alpha1 - kind: VolumeSnapshot group: snapshot.storage.k8s.io version: v1 diff --git a/rest_api/cluster_apis/cluster-apis-index.adoc b/rest_api/cluster_apis/cluster-apis-index.adoc new file mode 100644 index 0000000000..ad56e9d96d --- /dev/null +++ b/rest_api/cluster_apis/cluster-apis-index.adoc @@ -0,0 +1,218 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="cluster-apis"] += Cluster APIs +:toc: macro +:toc-title: + +toc::[] + +== Cluster [cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +Cluster is the Schema for the clusters API. +-- + +Type:: + `object` + +== ClusterClass [cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +ClusterClass is a template which can be used to create managed topologies. +-- + +Type:: + `object` + +== ExtensionConfig [runtime.cluster.x-k8s.io/v1alpha1] + +Description:: ++ +-- +ExtensionConfig is the Schema for the ExtensionConfig API. +-- + +Type:: + `object` + +== Machine [cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +Machine is the Schema for the machines API. +-- + +Type:: + `object` + +== MachineDeployment [cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +MachineDeployment is the Schema for the machinedeployments API. +-- + +Type:: + `object` + +== MachineHealthCheck [cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +MachineHealthCheck is the Schema for the machinehealthchecks API. +-- + +Type:: + `object` + +== MachinePool [cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +MachinePool is the Schema for the machinepools API. +-- + +Type:: + `object` + +== MachineSet [cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +MachineSet is the Schema for the machinesets API. +-- + +Type:: + `object` + +== ClusterResourceSet [addons.cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +ClusterResourceSet is the Schema for the clusterresourcesets API. +-- + +Type:: + `object` + +== ClusterResourceSetBinding [addons.cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +ClusterResourceSetBinding lists all matching ClusterResourceSets with the cluster it belongs to. +-- + +Type:: + `object` + +== GCPCluster [infrastructure.cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +GCPCluster is the Schema for the gcpclusters API. +-- + +Type:: + `object` + +== GCPClusterTemplate [infrastructure.cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +GCPClusterTemplate is the Schema for the gcpclustertemplates API. +-- + +Type:: + `object` + +== GCPMachine [infrastructure.cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +GCPMachine is the Schema for the gcpmachines API. +-- + +Type:: + `object` + +== GCPMachineTemplate [infrastructure.cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +GCPMachineTemplate is the Schema for the gcpmachinetemplates API. +-- + +Type:: + `object` + +== GCPManagedCluster [infrastructure.cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +GCPManagedCluster is the Schema for the gcpmanagedclusters API. +-- + +Type:: + `object` + +== GCPManagedControlPlane [infrastructure.cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +GCPManagedControlPlane is the Schema for the gcpmanagedcontrolplanes API. +-- + +Type:: + `object` + +== GCPManagedMachinePool [infrastructure.cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +GCPManagedMachinePool is the Schema for the gcpmanagedmachinepools API. +-- + +Type:: + `object` + +== IPAddress [ipam.cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +IPAddress is the Schema for the ipaddress API. +-- + +Type:: + `object` + +== IPAddressClaim [ipam.cluster.x-k8s.io/v1beta1] + +Description:: ++ +-- +IPAddressClaim is the Schema for the ipaddressclaim API. +-- + +Type:: + `object` + diff --git a/rest_api/cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..523c199c52 --- /dev/null +++ b/rest_api/cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,1995 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="cluster-cluster-x-k8s-io-v1beta1"] += Cluster [cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +Cluster is the Schema for the clusters API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| ClusterSpec defines the desired state of Cluster. + +| `status` +| `object` +| ClusterStatus defines the observed state of Cluster. + +|=== +=== .spec +Description:: ++ +-- +ClusterSpec defines the desired state of Cluster. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `clusterNetwork` +| `object` +| Cluster network configuration. + +| `controlPlaneEndpoint` +| `object` +| ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. + +| `controlPlaneRef` +| `object` +| ControlPlaneRef is an optional reference to a provider-specific resource that holds +the details for provisioning the Control Plane for a Cluster. + +| `infrastructureRef` +| `object` +| InfrastructureRef is a reference to a provider-specific resource that holds the details +for provisioning infrastructure for a cluster in said provider. + +| `paused` +| `boolean` +| Paused can be used to prevent controllers from processing the Cluster and all its associated objects. + +| `topology` +| `object` +| This encapsulates the topology for the cluster. +NOTE: It is required to enable the ClusterTopology +feature gate flag to activate managed topologies support; +this feature is highly experimental, and parts of it might still be not implemented. + +|=== +=== .spec.clusterNetwork +Description:: ++ +-- +Cluster network configuration. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiServerPort` +| `integer` +| APIServerPort specifies the port the API Server should bind to. +Defaults to 6443. + +| `pods` +| `object` +| The network ranges from which Pod networks are allocated. + +| `serviceDomain` +| `string` +| Domain name for services. + +| `services` +| `object` +| The network ranges from which service VIPs are allocated. + +|=== +=== .spec.clusterNetwork.pods +Description:: ++ +-- +The network ranges from which Pod networks are allocated. +-- + +Type:: + `object` + +Required:: + - `cidrBlocks` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `cidrBlocks` +| `array (string)` +| + +|=== +=== .spec.clusterNetwork.services +Description:: ++ +-- +The network ranges from which service VIPs are allocated. +-- + +Type:: + `object` + +Required:: + - `cidrBlocks` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `cidrBlocks` +| `array (string)` +| + +|=== +=== .spec.controlPlaneEndpoint +Description:: ++ +-- +ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. +-- + +Type:: + `object` + +Required:: + - `host` + - `port` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `host` +| `string` +| The hostname on which the API server is serving. + +| `port` +| `integer` +| The port on which the API server is serving. + +|=== +=== .spec.controlPlaneRef +Description:: ++ +-- +ControlPlaneRef is an optional reference to a provider-specific resource that holds +the details for provisioning the Control Plane for a Cluster. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.infrastructureRef +Description:: ++ +-- +InfrastructureRef is a reference to a provider-specific resource that holds the details +for provisioning infrastructure for a cluster in said provider. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.topology +Description:: ++ +-- +This encapsulates the topology for the cluster. +NOTE: It is required to enable the ClusterTopology +feature gate flag to activate managed topologies support; +this feature is highly experimental, and parts of it might still be not implemented. +-- + +Type:: + `object` + +Required:: + - `class` + - `version` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `class` +| `string` +| The name of the ClusterClass object to create the topology. + +| `controlPlane` +| `object` +| ControlPlane describes the cluster control plane. + +| `rolloutAfter` +| `string` +| RolloutAfter performs a rollout of the entire cluster one component at a time, +control plane first and then machine deployments. + + +Deprecated: This field has no function and is going to be removed in the next apiVersion. + +| `variables` +| `array` +| Variables can be used to customize the Cluster through +patches. They must comply to the corresponding +VariableClasses defined in the ClusterClass. + +| `variables[]` +| `object` +| ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a +Variable definition in the ClusterClass `status` variables. + +| `version` +| `string` +| The Kubernetes version of the cluster. + +| `workers` +| `object` +| Workers encapsulates the different constructs that form the worker nodes +for the cluster. + +|=== +=== .spec.topology.controlPlane +Description:: ++ +-- +ControlPlane describes the cluster control plane. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `machineHealthCheck` +| `object` +| MachineHealthCheck allows to enable, disable and override +the MachineHealthCheck configuration in the ClusterClass for this control plane. + +| `metadata` +| `object` +| Metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane +if the ControlPlaneTemplate referenced by the ClusterClass is machine based. If not, it +is applied only to the ControlPlane. +At runtime this metadata is merged with the corresponding metadata from the ClusterClass. + +| `nodeDeletionTimeout` +| `string` +| NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine +hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. +Defaults to 10 seconds. + +| `nodeDrainTimeout` +| `string` +| NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. +The default value is 0, meaning that the node can be drained without any time limitations. +NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + +| `nodeVolumeDetachTimeout` +| `string` +| NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes +to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + +| `replicas` +| `integer` +| Replicas is the number of control plane nodes. +If the value is nil, the ControlPlane object is created without the number of Replicas +and it's assumed that the control plane controller does not implement support for this field. +When specified against a control plane provider that lacks support for this field, this value will be ignored. + +|=== +=== .spec.topology.controlPlane.machineHealthCheck +Description:: ++ +-- +MachineHealthCheck allows to enable, disable and override +the MachineHealthCheck configuration in the ClusterClass for this control plane. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `enable` +| `boolean` +| Enable controls if a MachineHealthCheck should be created for the target machines. + + +If false: No MachineHealthCheck will be created. + + +If not set(default): A MachineHealthCheck will be created if it is defined here or + in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. + + +If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will +block if `enable` is true and no MachineHealthCheck definition is available. + +| `maxUnhealthy` +| `integer-or-string` +| Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by +"selector" are not healthy. + +| `nodeStartupTimeout` +| `string` +| Machines older than this duration without a node will be considered to have +failed and will be remediated. +If you wish to disable this feature, set the value explicitly to 0. + +| `remediationTemplate` +| `object` +| RemediationTemplate is a reference to a remediation template +provided by an infrastructure provider. + + +This field is completely optional, when filled, the MachineHealthCheck controller +creates a new object from the template referenced and hands off remediation of the machine to +a controller that lives outside of Cluster API. + +| `unhealthyConditions` +| `array` +| UnhealthyConditions contains a list of the conditions that determine +whether a node is considered unhealthy. The conditions are combined in a +logical OR, i.e. if any of the conditions is met, the node is unhealthy. + +| `unhealthyConditions[]` +| `object` +| UnhealthyCondition represents a Node condition type and value with a timeout +specified as a duration. When the named condition has been in the given +status for at least the timeout value, a node is considered unhealthy. + +| `unhealthyRange` +| `string` +| Any further remediation is only allowed if the number of machines selected by "selector" as not healthy +is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. +Eg. "[3-5]" - This means that remediation will be allowed only when: +(a) there are at least 3 unhealthy machines (and) +(b) there are at most 5 unhealthy machines + +|=== +=== .spec.topology.controlPlane.machineHealthCheck.remediationTemplate +Description:: ++ +-- +RemediationTemplate is a reference to a remediation template +provided by an infrastructure provider. + + +This field is completely optional, when filled, the MachineHealthCheck controller +creates a new object from the template referenced and hands off remediation of the machine to +a controller that lives outside of Cluster API. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.topology.controlPlane.machineHealthCheck.unhealthyConditions +Description:: ++ +-- +UnhealthyConditions contains a list of the conditions that determine +whether a node is considered unhealthy. The conditions are combined in a +logical OR, i.e. if any of the conditions is met, the node is unhealthy. +-- + +Type:: + `array` + + + + +=== .spec.topology.controlPlane.machineHealthCheck.unhealthyConditions[] +Description:: ++ +-- +UnhealthyCondition represents a Node condition type and value with a timeout +specified as a duration. When the named condition has been in the given +status for at least the timeout value, a node is considered unhealthy. +-- + +Type:: + `object` + +Required:: + - `status` + - `timeout` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `status` +| `string` +| + +| `timeout` +| `string` +| + +| `type` +| `string` +| + +|=== +=== .spec.topology.controlPlane.metadata +Description:: ++ +-- +Metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane +if the ControlPlaneTemplate referenced by the ClusterClass is machine based. If not, it +is applied only to the ControlPlane. +At runtime this metadata is merged with the corresponding metadata from the ClusterClass. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `annotations` +| `object (string)` +| Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations + +| `labels` +| `object (string)` +| Map of string keys and values that can be used to organize and categorize +(scope and select) objects. May match selectors of replication controllers +and services. +More info: http://kubernetes.io/docs/user-guide/labels + +|=== +=== .spec.topology.variables +Description:: ++ +-- +Variables can be used to customize the Cluster through +patches. They must comply to the corresponding +VariableClasses defined in the ClusterClass. +-- + +Type:: + `array` + + + + +=== .spec.topology.variables[] +Description:: ++ +-- +ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a +Variable definition in the ClusterClass `status` variables. +-- + +Type:: + `object` + +Required:: + - `name` + - `value` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `definitionFrom` +| `string` +| DefinitionFrom specifies where the definition of this Variable is from. DefinitionFrom is `inline` when the +definition is from the ClusterClass `.spec.variables` or the name of a patch defined in the ClusterClass +`.spec.patches` where the patch is external and provides external variables. +This field is mandatory if the variable has `DefinitionsConflict: true` in ClusterClass `status.variables[]` + +| `name` +| `string` +| Name of the variable. + +| `value` +| `` +| Value of the variable. +Note: the value will be validated against the schema of the corresponding ClusterClassVariable +from the ClusterClass. +Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a +hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, +i.e. it is not possible to have no type field. +Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 + +|=== +=== .spec.topology.workers +Description:: ++ +-- +Workers encapsulates the different constructs that form the worker nodes +for the cluster. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `machineDeployments` +| `array` +| MachineDeployments is a list of machine deployments in the cluster. + +| `machineDeployments[]` +| `object` +| MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology. +This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller. + +| `machinePools` +| `array` +| MachinePools is a list of machine pools in the cluster. + +| `machinePools[]` +| `object` +| MachinePoolTopology specifies the different parameters for a pool of worker nodes in the topology. +This pool of nodes is managed by a MachinePool object whose lifecycle is managed by the Cluster controller. + +|=== +=== .spec.topology.workers.machineDeployments +Description:: ++ +-- +MachineDeployments is a list of machine deployments in the cluster. +-- + +Type:: + `array` + + + + +=== .spec.topology.workers.machineDeployments[] +Description:: ++ +-- +MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology. +This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller. +-- + +Type:: + `object` + +Required:: + - `class` + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `class` +| `string` +| Class is the name of the MachineDeploymentClass used to create the set of worker nodes. +This should match one of the deployment classes defined in the ClusterClass object +mentioned in the `Cluster.Spec.Class` field. + +| `failureDomain` +| `string` +| FailureDomain is the failure domain the machines will be created in. +Must match a key in the FailureDomains map stored on the cluster object. + +| `machineHealthCheck` +| `object` +| MachineHealthCheck allows to enable, disable and override +the MachineHealthCheck configuration in the ClusterClass for this MachineDeployment. + +| `metadata` +| `object` +| Metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. +At runtime this metadata is merged with the corresponding metadata from the ClusterClass. + +| `minReadySeconds` +| `integer` +| Minimum number of seconds for which a newly created machine should +be ready. +Defaults to 0 (machine will be considered available as soon as it +is ready) + +| `name` +| `string` +| Name is the unique identifier for this MachineDeploymentTopology. +The value is used with other unique identifiers to create a MachineDeployment's Name +(e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, +the values are hashed together. + +| `nodeDeletionTimeout` +| `string` +| NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine +hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. +Defaults to 10 seconds. + +| `nodeDrainTimeout` +| `string` +| NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. +The default value is 0, meaning that the node can be drained without any time limitations. +NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + +| `nodeVolumeDetachTimeout` +| `string` +| NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes +to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + +| `replicas` +| `integer` +| Replicas is the number of worker nodes belonging to this set. +If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to 1) +and it's assumed that an external entity (like cluster autoscaler) is responsible for the management +of this value. + +| `strategy` +| `object` +| The deployment strategy to use to replace existing machines with +new ones. + +| `variables` +| `object` +| Variables can be used to customize the MachineDeployment through patches. + +|=== +=== .spec.topology.workers.machineDeployments[].machineHealthCheck +Description:: ++ +-- +MachineHealthCheck allows to enable, disable and override +the MachineHealthCheck configuration in the ClusterClass for this MachineDeployment. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `enable` +| `boolean` +| Enable controls if a MachineHealthCheck should be created for the target machines. + + +If false: No MachineHealthCheck will be created. + + +If not set(default): A MachineHealthCheck will be created if it is defined here or + in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. + + +If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will +block if `enable` is true and no MachineHealthCheck definition is available. + +| `maxUnhealthy` +| `integer-or-string` +| Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by +"selector" are not healthy. + +| `nodeStartupTimeout` +| `string` +| Machines older than this duration without a node will be considered to have +failed and will be remediated. +If you wish to disable this feature, set the value explicitly to 0. + +| `remediationTemplate` +| `object` +| RemediationTemplate is a reference to a remediation template +provided by an infrastructure provider. + + +This field is completely optional, when filled, the MachineHealthCheck controller +creates a new object from the template referenced and hands off remediation of the machine to +a controller that lives outside of Cluster API. + +| `unhealthyConditions` +| `array` +| UnhealthyConditions contains a list of the conditions that determine +whether a node is considered unhealthy. The conditions are combined in a +logical OR, i.e. if any of the conditions is met, the node is unhealthy. + +| `unhealthyConditions[]` +| `object` +| UnhealthyCondition represents a Node condition type and value with a timeout +specified as a duration. When the named condition has been in the given +status for at least the timeout value, a node is considered unhealthy. + +| `unhealthyRange` +| `string` +| Any further remediation is only allowed if the number of machines selected by "selector" as not healthy +is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. +Eg. "[3-5]" - This means that remediation will be allowed only when: +(a) there are at least 3 unhealthy machines (and) +(b) there are at most 5 unhealthy machines + +|=== +=== .spec.topology.workers.machineDeployments[].machineHealthCheck.remediationTemplate +Description:: ++ +-- +RemediationTemplate is a reference to a remediation template +provided by an infrastructure provider. + + +This field is completely optional, when filled, the MachineHealthCheck controller +creates a new object from the template referenced and hands off remediation of the machine to +a controller that lives outside of Cluster API. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.topology.workers.machineDeployments[].machineHealthCheck.unhealthyConditions +Description:: ++ +-- +UnhealthyConditions contains a list of the conditions that determine +whether a node is considered unhealthy. The conditions are combined in a +logical OR, i.e. if any of the conditions is met, the node is unhealthy. +-- + +Type:: + `array` + + + + +=== .spec.topology.workers.machineDeployments[].machineHealthCheck.unhealthyConditions[] +Description:: ++ +-- +UnhealthyCondition represents a Node condition type and value with a timeout +specified as a duration. When the named condition has been in the given +status for at least the timeout value, a node is considered unhealthy. +-- + +Type:: + `object` + +Required:: + - `status` + - `timeout` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `status` +| `string` +| + +| `timeout` +| `string` +| + +| `type` +| `string` +| + +|=== +=== .spec.topology.workers.machineDeployments[].metadata +Description:: ++ +-- +Metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. +At runtime this metadata is merged with the corresponding metadata from the ClusterClass. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `annotations` +| `object (string)` +| Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations + +| `labels` +| `object (string)` +| Map of string keys and values that can be used to organize and categorize +(scope and select) objects. May match selectors of replication controllers +and services. +More info: http://kubernetes.io/docs/user-guide/labels + +|=== +=== .spec.topology.workers.machineDeployments[].strategy +Description:: ++ +-- +The deployment strategy to use to replace existing machines with +new ones. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `rollingUpdate` +| `object` +| Rolling update config params. Present only if +MachineDeploymentStrategyType = RollingUpdate. + +| `type` +| `string` +| Type of deployment. Allowed values are RollingUpdate and OnDelete. +The default is RollingUpdate. + +|=== +=== .spec.topology.workers.machineDeployments[].strategy.rollingUpdate +Description:: ++ +-- +Rolling update config params. Present only if +MachineDeploymentStrategyType = RollingUpdate. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `deletePolicy` +| `string` +| DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. +Valid values are "Random, "Newest", "Oldest" +When no value is supplied, the default DeletePolicy of MachineSet is used + +| `maxSurge` +| `integer-or-string` +| The maximum number of machines that can be scheduled above the +desired number of machines. +Value can be an absolute number (ex: 5) or a percentage of +desired machines (ex: 10%). +This can not be 0 if MaxUnavailable is 0. +Absolute number is calculated from percentage by rounding up. +Defaults to 1. +Example: when this is set to 30%, the new MachineSet can be scaled +up immediately when the rolling update starts, such that the total +number of old and new machines do not exceed 130% of desired +machines. Once old machines have been killed, new MachineSet can +be scaled up further, ensuring that total number of machines running +at any time during the update is at most 130% of desired machines. + +| `maxUnavailable` +| `integer-or-string` +| The maximum number of machines that can be unavailable during the update. +Value can be an absolute number (ex: 5) or a percentage of desired +machines (ex: 10%). +Absolute number is calculated from percentage by rounding down. +This can not be 0 if MaxSurge is 0. +Defaults to 0. +Example: when this is set to 30%, the old MachineSet can be scaled +down to 70% of desired machines immediately when the rolling update +starts. Once new machines are ready, old MachineSet can be scaled +down further, followed by scaling up the new MachineSet, ensuring +that the total number of machines available at all times +during the update is at least 70% of desired machines. + +|=== +=== .spec.topology.workers.machineDeployments[].variables +Description:: ++ +-- +Variables can be used to customize the MachineDeployment through patches. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `overrides` +| `array` +| Overrides can be used to override Cluster level variables. + +| `overrides[]` +| `object` +| ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a +Variable definition in the ClusterClass `status` variables. + +|=== +=== .spec.topology.workers.machineDeployments[].variables.overrides +Description:: ++ +-- +Overrides can be used to override Cluster level variables. +-- + +Type:: + `array` + + + + +=== .spec.topology.workers.machineDeployments[].variables.overrides[] +Description:: ++ +-- +ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a +Variable definition in the ClusterClass `status` variables. +-- + +Type:: + `object` + +Required:: + - `name` + - `value` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `definitionFrom` +| `string` +| DefinitionFrom specifies where the definition of this Variable is from. DefinitionFrom is `inline` when the +definition is from the ClusterClass `.spec.variables` or the name of a patch defined in the ClusterClass +`.spec.patches` where the patch is external and provides external variables. +This field is mandatory if the variable has `DefinitionsConflict: true` in ClusterClass `status.variables[]` + +| `name` +| `string` +| Name of the variable. + +| `value` +| `` +| Value of the variable. +Note: the value will be validated against the schema of the corresponding ClusterClassVariable +from the ClusterClass. +Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a +hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, +i.e. it is not possible to have no type field. +Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 + +|=== +=== .spec.topology.workers.machinePools +Description:: ++ +-- +MachinePools is a list of machine pools in the cluster. +-- + +Type:: + `array` + + + + +=== .spec.topology.workers.machinePools[] +Description:: ++ +-- +MachinePoolTopology specifies the different parameters for a pool of worker nodes in the topology. +This pool of nodes is managed by a MachinePool object whose lifecycle is managed by the Cluster controller. +-- + +Type:: + `object` + +Required:: + - `class` + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `class` +| `string` +| Class is the name of the MachinePoolClass used to create the pool of worker nodes. +This should match one of the deployment classes defined in the ClusterClass object +mentioned in the `Cluster.Spec.Class` field. + +| `failureDomains` +| `array (string)` +| FailureDomains is the list of failure domains the machine pool will be created in. +Must match a key in the FailureDomains map stored on the cluster object. + +| `metadata` +| `object` +| Metadata is the metadata applied to the MachinePool. +At runtime this metadata is merged with the corresponding metadata from the ClusterClass. + +| `minReadySeconds` +| `integer` +| Minimum number of seconds for which a newly created machine pool should +be ready. +Defaults to 0 (machine will be considered available as soon as it +is ready) + +| `name` +| `string` +| Name is the unique identifier for this MachinePoolTopology. +The value is used with other unique identifiers to create a MachinePool's Name +(e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, +the values are hashed together. + +| `nodeDeletionTimeout` +| `string` +| NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the MachinePool +hosts after the MachinePool is marked for deletion. A duration of 0 will retry deletion indefinitely. +Defaults to 10 seconds. + +| `nodeDrainTimeout` +| `string` +| NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. +The default value is 0, meaning that the node can be drained without any time limitations. +NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + +| `nodeVolumeDetachTimeout` +| `string` +| NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes +to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + +| `replicas` +| `integer` +| Replicas is the number of nodes belonging to this pool. +If the value is nil, the MachinePool is created without the number of Replicas (defaulting to 1) +and it's assumed that an external entity (like cluster autoscaler) is responsible for the management +of this value. + +| `variables` +| `object` +| Variables can be used to customize the MachinePool through patches. + +|=== +=== .spec.topology.workers.machinePools[].metadata +Description:: ++ +-- +Metadata is the metadata applied to the MachinePool. +At runtime this metadata is merged with the corresponding metadata from the ClusterClass. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `annotations` +| `object (string)` +| Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations + +| `labels` +| `object (string)` +| Map of string keys and values that can be used to organize and categorize +(scope and select) objects. May match selectors of replication controllers +and services. +More info: http://kubernetes.io/docs/user-guide/labels + +|=== +=== .spec.topology.workers.machinePools[].variables +Description:: ++ +-- +Variables can be used to customize the MachinePool through patches. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `overrides` +| `array` +| Overrides can be used to override Cluster level variables. + +| `overrides[]` +| `object` +| ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a +Variable definition in the ClusterClass `status` variables. + +|=== +=== .spec.topology.workers.machinePools[].variables.overrides +Description:: ++ +-- +Overrides can be used to override Cluster level variables. +-- + +Type:: + `array` + + + + +=== .spec.topology.workers.machinePools[].variables.overrides[] +Description:: ++ +-- +ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a +Variable definition in the ClusterClass `status` variables. +-- + +Type:: + `object` + +Required:: + - `name` + - `value` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `definitionFrom` +| `string` +| DefinitionFrom specifies where the definition of this Variable is from. DefinitionFrom is `inline` when the +definition is from the ClusterClass `.spec.variables` or the name of a patch defined in the ClusterClass +`.spec.patches` where the patch is external and provides external variables. +This field is mandatory if the variable has `DefinitionsConflict: true` in ClusterClass `status.variables[]` + +| `name` +| `string` +| Name of the variable. + +| `value` +| `` +| Value of the variable. +Note: the value will be validated against the schema of the corresponding ClusterClassVariable +from the ClusterClass. +Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a +hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, +i.e. it is not possible to have no type field. +Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 + +|=== +=== .status +Description:: ++ +-- +ClusterStatus defines the observed state of Cluster. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| Conditions defines current service state of the cluster. + +| `conditions[]` +| `object` +| Condition defines an observation of a Cluster API resource operational state. + +| `controlPlaneReady` +| `boolean` +| ControlPlaneReady defines if the control plane is ready. + +| `failureDomains` +| `object` +| FailureDomains is a slice of failure domain objects synced from the infrastructure provider. + +| `failureDomains{}` +| `object` +| FailureDomainSpec is the Schema for Cluster API failure domains. +It allows controllers to understand how many failure domains a cluster can optionally span across. + +| `failureMessage` +| `string` +| FailureMessage indicates that there is a fatal problem reconciling the +state, and will be set to a descriptive error message. + +| `failureReason` +| `string` +| FailureReason indicates that there is a fatal problem reconciling the +state, and will be set to a token value suitable for +programmatic interpretation. + +| `infrastructureReady` +| `boolean` +| InfrastructureReady is the state of the infrastructure provider. + +| `observedGeneration` +| `integer` +| ObservedGeneration is the latest generation observed by the controller. + +| `phase` +| `string` +| Phase represents the current phase of cluster actuation. +E.g. Pending, Running, Terminating, Failed etc. + +|=== +=== .status.conditions +Description:: ++ +-- +Conditions defines current service state of the cluster. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition defines an observation of a Cluster API resource operational state. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| Last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when +the API field changed is acceptable. + +| `message` +| `string` +| A human readable message indicating details about the transition. +This field may be empty. + +| `reason` +| `string` +| The reason for the condition's last transition in CamelCase. +The specific API may choose whether or not this field is considered a guaranteed API. +This field may not be empty. + +| `severity` +| `string` +| Severity provides an explicit classification of Reason code, so the users or machines can immediately +understand the current situation and act accordingly. +The Severity field MUST be set only when Status=False. + +| `status` +| `string` +| Status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| Type of condition in CamelCase or in foo.example.com/CamelCase. +Many .condition.type values are consistent across resources like Available, but because arbitrary conditions +can be useful (see .node.status.conditions), the ability to deconflict is important. + +|=== +=== .status.failureDomains +Description:: ++ +-- +FailureDomains is a slice of failure domain objects synced from the infrastructure provider. +-- + +Type:: + `object` + + + + +=== .status.failureDomains{} +Description:: ++ +-- +FailureDomainSpec is the Schema for Cluster API failure domains. +It allows controllers to understand how many failure domains a cluster can optionally span across. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `attributes` +| `object (string)` +| Attributes is a free form map of attributes an infrastructure provider might use or require. + +| `controlPlane` +| `boolean` +| ControlPlane determines if this failure domain is suitable for use by control plane machines. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/cluster.x-k8s.io/v1beta1/clusters` +- `GET`: list objects of kind Cluster +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusters` +- `DELETE`: delete collection of Cluster +- `GET`: list objects of kind Cluster +- `POST`: create a Cluster +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusters/{name}` +- `DELETE`: delete a Cluster +- `GET`: read the specified Cluster +- `PATCH`: partially update the specified Cluster +- `PUT`: replace the specified Cluster +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusters/{name}/status` +- `GET`: read status of the specified Cluster +- `PATCH`: partially update status of the specified Cluster +- `PUT`: replace status of the specified Cluster + + +=== /apis/cluster.x-k8s.io/v1beta1/clusters + + + +HTTP method:: + `GET` + +Description:: + list objects of kind Cluster + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.v1beta1.ClusterList[`ClusterList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusters + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of Cluster + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind Cluster + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.v1beta1.ClusterList[`ClusterList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a Cluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc#cluster-cluster-x-k8s-io-v1beta1[`Cluster`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc#cluster-cluster-x-k8s-io-v1beta1[`Cluster`] schema +| 201 - Created +| xref:../cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc#cluster-cluster-x-k8s-io-v1beta1[`Cluster`] schema +| 202 - Accepted +| xref:../cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc#cluster-cluster-x-k8s-io-v1beta1[`Cluster`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusters/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the Cluster +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a Cluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified Cluster + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc#cluster-cluster-x-k8s-io-v1beta1[`Cluster`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified Cluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc#cluster-cluster-x-k8s-io-v1beta1[`Cluster`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified Cluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc#cluster-cluster-x-k8s-io-v1beta1[`Cluster`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc#cluster-cluster-x-k8s-io-v1beta1[`Cluster`] schema +| 201 - Created +| xref:../cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc#cluster-cluster-x-k8s-io-v1beta1[`Cluster`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusters/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the Cluster +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified Cluster + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc#cluster-cluster-x-k8s-io-v1beta1[`Cluster`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified Cluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc#cluster-cluster-x-k8s-io-v1beta1[`Cluster`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified Cluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc#cluster-cluster-x-k8s-io-v1beta1[`Cluster`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc#cluster-cluster-x-k8s-io-v1beta1[`Cluster`] schema +| 201 - Created +| xref:../cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc#cluster-cluster-x-k8s-io-v1beta1[`Cluster`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..9b5dfe1671 --- /dev/null +++ b/rest_api/cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,3073 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="clusterclass-cluster-x-k8s-io-v1beta1"] += ClusterClass [cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +ClusterClass is a template which can be used to create managed topologies. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| ClusterClassSpec describes the desired state of the ClusterClass. + +| `status` +| `object` +| ClusterClassStatus defines the observed state of the ClusterClass. + +|=== +=== .spec +Description:: ++ +-- +ClusterClassSpec describes the desired state of the ClusterClass. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `controlPlane` +| `object` +| ControlPlane is a reference to a local struct that holds the details +for provisioning the Control Plane for the Cluster. + +| `infrastructure` +| `object` +| Infrastructure is a reference to a provider-specific template that holds +the details for provisioning infrastructure specific cluster +for the underlying provider. +The underlying provider is responsible for the implementation +of the template to an infrastructure cluster. + +| `patches` +| `array` +| Patches defines the patches which are applied to customize +referenced templates of a ClusterClass. +Note: Patches will be applied in the order of the array. + +| `patches[]` +| `object` +| ClusterClassPatch defines a patch which is applied to customize the referenced templates. + +| `variables` +| `array` +| Variables defines the variables which can be configured +in the Cluster topology and are then used in patches. + +| `variables[]` +| `object` +| ClusterClassVariable defines a variable which can +be configured in the Cluster topology and used in patches. + +| `workers` +| `object` +| Workers describes the worker nodes for the cluster. +It is a collection of node types which can be used to create +the worker nodes of the cluster. + +|=== +=== .spec.controlPlane +Description:: ++ +-- +ControlPlane is a reference to a local struct that holds the details +for provisioning the Control Plane for the Cluster. +-- + +Type:: + `object` + +Required:: + - `ref` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `machineHealthCheck` +| `object` +| MachineHealthCheck defines a MachineHealthCheck for this ControlPlaneClass. +This field is supported if and only if the ControlPlane provider template +referenced above is Machine based and supports setting replicas. + +| `machineInfrastructure` +| `object` +| MachineInfrastructure defines the metadata and infrastructure information +for control plane machines. + + +This field is supported if and only if the control plane provider template +referenced above is Machine based and supports setting replicas. + +| `metadata` +| `object` +| Metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane +if the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the +ControlPlane. +At runtime this metadata is merged with the corresponding metadata from the topology. + + +This field is supported if and only if the control plane provider template +referenced is Machine based. + +| `namingStrategy` +| `object` +| NamingStrategy allows changing the naming pattern used when creating the control plane provider object. + +| `nodeDeletionTimeout` +| `string` +| NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine +hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. +Defaults to 10 seconds. +NOTE: This value can be overridden while defining a Cluster.Topology. + +| `nodeDrainTimeout` +| `string` +| NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. +The default value is 0, meaning that the node can be drained without any time limitations. +NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` +NOTE: This value can be overridden while defining a Cluster.Topology. + +| `nodeVolumeDetachTimeout` +| `string` +| NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes +to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. +NOTE: This value can be overridden while defining a Cluster.Topology. + +| `ref` +| `object` +| Ref is a required reference to a custom resource +offered by a provider. + +|=== +=== .spec.controlPlane.machineHealthCheck +Description:: ++ +-- +MachineHealthCheck defines a MachineHealthCheck for this ControlPlaneClass. +This field is supported if and only if the ControlPlane provider template +referenced above is Machine based and supports setting replicas. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `maxUnhealthy` +| `integer-or-string` +| Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by +"selector" are not healthy. + +| `nodeStartupTimeout` +| `string` +| Machines older than this duration without a node will be considered to have +failed and will be remediated. +If you wish to disable this feature, set the value explicitly to 0. + +| `remediationTemplate` +| `object` +| RemediationTemplate is a reference to a remediation template +provided by an infrastructure provider. + + +This field is completely optional, when filled, the MachineHealthCheck controller +creates a new object from the template referenced and hands off remediation of the machine to +a controller that lives outside of Cluster API. + +| `unhealthyConditions` +| `array` +| UnhealthyConditions contains a list of the conditions that determine +whether a node is considered unhealthy. The conditions are combined in a +logical OR, i.e. if any of the conditions is met, the node is unhealthy. + +| `unhealthyConditions[]` +| `object` +| UnhealthyCondition represents a Node condition type and value with a timeout +specified as a duration. When the named condition has been in the given +status for at least the timeout value, a node is considered unhealthy. + +| `unhealthyRange` +| `string` +| Any further remediation is only allowed if the number of machines selected by "selector" as not healthy +is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. +Eg. "[3-5]" - This means that remediation will be allowed only when: +(a) there are at least 3 unhealthy machines (and) +(b) there are at most 5 unhealthy machines + +|=== +=== .spec.controlPlane.machineHealthCheck.remediationTemplate +Description:: ++ +-- +RemediationTemplate is a reference to a remediation template +provided by an infrastructure provider. + + +This field is completely optional, when filled, the MachineHealthCheck controller +creates a new object from the template referenced and hands off remediation of the machine to +a controller that lives outside of Cluster API. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.controlPlane.machineHealthCheck.unhealthyConditions +Description:: ++ +-- +UnhealthyConditions contains a list of the conditions that determine +whether a node is considered unhealthy. The conditions are combined in a +logical OR, i.e. if any of the conditions is met, the node is unhealthy. +-- + +Type:: + `array` + + + + +=== .spec.controlPlane.machineHealthCheck.unhealthyConditions[] +Description:: ++ +-- +UnhealthyCondition represents a Node condition type and value with a timeout +specified as a duration. When the named condition has been in the given +status for at least the timeout value, a node is considered unhealthy. +-- + +Type:: + `object` + +Required:: + - `status` + - `timeout` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `status` +| `string` +| + +| `timeout` +| `string` +| + +| `type` +| `string` +| + +|=== +=== .spec.controlPlane.machineInfrastructure +Description:: ++ +-- +MachineInfrastructure defines the metadata and infrastructure information +for control plane machines. + + +This field is supported if and only if the control plane provider template +referenced above is Machine based and supports setting replicas. +-- + +Type:: + `object` + +Required:: + - `ref` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `ref` +| `object` +| Ref is a required reference to a custom resource +offered by a provider. + +|=== +=== .spec.controlPlane.machineInfrastructure.ref +Description:: ++ +-- +Ref is a required reference to a custom resource +offered by a provider. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.controlPlane.metadata +Description:: ++ +-- +Metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane +if the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the +ControlPlane. +At runtime this metadata is merged with the corresponding metadata from the topology. + + +This field is supported if and only if the control plane provider template +referenced is Machine based. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `annotations` +| `object (string)` +| Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations + +| `labels` +| `object (string)` +| Map of string keys and values that can be used to organize and categorize +(scope and select) objects. May match selectors of replication controllers +and services. +More info: http://kubernetes.io/docs/user-guide/labels + +|=== +=== .spec.controlPlane.namingStrategy +Description:: ++ +-- +NamingStrategy allows changing the naming pattern used when creating the control plane provider object. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `template` +| `string` +| Template defines the template to use for generating the name of the ControlPlane object. +If not defined, it will fallback to `{{ .cluster.name }}-{{ .random }}`. +If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will +get concatenated with a random suffix of length 5. +The templating mechanism provides the following arguments: +* `.cluster.name`: The name of the cluster object. +* `.random`: A random alphanumeric string, without vowels, of length 5. + +|=== +=== .spec.controlPlane.ref +Description:: ++ +-- +Ref is a required reference to a custom resource +offered by a provider. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.infrastructure +Description:: ++ +-- +Infrastructure is a reference to a provider-specific template that holds +the details for provisioning infrastructure specific cluster +for the underlying provider. +The underlying provider is responsible for the implementation +of the template to an infrastructure cluster. +-- + +Type:: + `object` + +Required:: + - `ref` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `ref` +| `object` +| Ref is a required reference to a custom resource +offered by a provider. + +|=== +=== .spec.infrastructure.ref +Description:: ++ +-- +Ref is a required reference to a custom resource +offered by a provider. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.patches +Description:: ++ +-- +Patches defines the patches which are applied to customize +referenced templates of a ClusterClass. +Note: Patches will be applied in the order of the array. +-- + +Type:: + `array` + + + + +=== .spec.patches[] +Description:: ++ +-- +ClusterClassPatch defines a patch which is applied to customize the referenced templates. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `definitions` +| `array` +| Definitions define inline patches. +Note: Patches will be applied in the order of the array. +Note: Exactly one of Definitions or External must be set. + +| `definitions[]` +| `object` +| PatchDefinition defines a patch which is applied to customize the referenced templates. + +| `description` +| `string` +| Description is a human-readable description of this patch. + +| `enabledIf` +| `string` +| EnabledIf is a Go template to be used to calculate if a patch should be enabled. +It can reference variables defined in .spec.variables and builtin variables. +The patch will be enabled if the template evaluates to `true`, otherwise it will +be disabled. +If EnabledIf is not set, the patch will be enabled per default. + +| `external` +| `object` +| External defines an external patch. +Note: Exactly one of Definitions or External must be set. + +| `name` +| `string` +| Name of the patch. + +|=== +=== .spec.patches[].definitions +Description:: ++ +-- +Definitions define inline patches. +Note: Patches will be applied in the order of the array. +Note: Exactly one of Definitions or External must be set. +-- + +Type:: + `array` + + + + +=== .spec.patches[].definitions[] +Description:: ++ +-- +PatchDefinition defines a patch which is applied to customize the referenced templates. +-- + +Type:: + `object` + +Required:: + - `jsonPatches` + - `selector` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `jsonPatches` +| `array` +| JSONPatches defines the patches which should be applied on the templates +matching the selector. +Note: Patches will be applied in the order of the array. + +| `jsonPatches[]` +| `object` +| JSONPatch defines a JSON patch. + +| `selector` +| `object` +| Selector defines on which templates the patch should be applied. + +|=== +=== .spec.patches[].definitions[].jsonPatches +Description:: ++ +-- +JSONPatches defines the patches which should be applied on the templates +matching the selector. +Note: Patches will be applied in the order of the array. +-- + +Type:: + `array` + + + + +=== .spec.patches[].definitions[].jsonPatches[] +Description:: ++ +-- +JSONPatch defines a JSON patch. +-- + +Type:: + `object` + +Required:: + - `op` + - `path` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `op` +| `string` +| Op defines the operation of the patch. +Note: Only `add`, `replace` and `remove` are supported. + +| `path` +| `string` +| Path defines the path of the patch. +Note: Only the spec of a template can be patched, thus the path has to start with /spec/. +Note: For now the only allowed array modifications are `append` and `prepend`, i.e.: +* for op: `add`: only index 0 (prepend) and - (append) are allowed +* for op: `replace` or `remove`: no indexes are allowed + +| `value` +| `` +| Value defines the value of the patch. +Note: Either Value or ValueFrom is required for add and replace +operations. Only one of them is allowed to be set at the same time. +Note: We have to use apiextensionsv1.JSON instead of our JSON type, +because controller-tools has a hard-coded schema for apiextensionsv1.JSON +which cannot be produced by another type (unset type field). +Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 + +| `valueFrom` +| `object` +| ValueFrom defines the value of the patch. +Note: Either Value or ValueFrom is required for add and replace +operations. Only one of them is allowed to be set at the same time. + +|=== +=== .spec.patches[].definitions[].jsonPatches[].valueFrom +Description:: ++ +-- +ValueFrom defines the value of the patch. +Note: Either Value or ValueFrom is required for add and replace +operations. Only one of them is allowed to be set at the same time. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `template` +| `string` +| Template is the Go template to be used to calculate the value. +A template can reference variables defined in .spec.variables and builtin variables. +Note: The template must evaluate to a valid YAML or JSON value. + +| `variable` +| `string` +| Variable is the variable to be used as value. +Variable can be one of the variables defined in .spec.variables or a builtin variable. + +|=== +=== .spec.patches[].definitions[].selector +Description:: ++ +-- +Selector defines on which templates the patch should be applied. +-- + +Type:: + `object` + +Required:: + - `apiVersion` + - `kind` + - `matchResources` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion filters templates by apiVersion. + +| `kind` +| `string` +| Kind filters templates by kind. + +| `matchResources` +| `object` +| MatchResources selects templates based on where they are referenced. + +|=== +=== .spec.patches[].definitions[].selector.matchResources +Description:: ++ +-- +MatchResources selects templates based on where they are referenced. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `controlPlane` +| `boolean` +| ControlPlane selects templates referenced in .spec.ControlPlane. +Note: this will match the controlPlane and also the controlPlane +machineInfrastructure (depending on the kind and apiVersion). + +| `infrastructureCluster` +| `boolean` +| InfrastructureCluster selects templates referenced in .spec.infrastructure. + +| `machineDeploymentClass` +| `object` +| MachineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in +.spec.workers.machineDeployments. + +| `machinePoolClass` +| `object` +| MachinePoolClass selects templates referenced in specific MachinePoolClasses in +.spec.workers.machinePools. + +|=== +=== .spec.patches[].definitions[].selector.matchResources.machineDeploymentClass +Description:: ++ +-- +MachineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in +.spec.workers.machineDeployments. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `names` +| `array (string)` +| Names selects templates by class names. + +|=== +=== .spec.patches[].definitions[].selector.matchResources.machinePoolClass +Description:: ++ +-- +MachinePoolClass selects templates referenced in specific MachinePoolClasses in +.spec.workers.machinePools. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `names` +| `array (string)` +| Names selects templates by class names. + +|=== +=== .spec.patches[].external +Description:: ++ +-- +External defines an external patch. +Note: Exactly one of Definitions or External must be set. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `discoverVariablesExtension` +| `string` +| DiscoverVariablesExtension references an extension which is called to discover variables. + +| `generateExtension` +| `string` +| GenerateExtension references an extension which is called to generate patches. + +| `settings` +| `object (string)` +| Settings defines key value pairs to be passed to the extensions. +Values defined here take precedence over the values defined in the +corresponding ExtensionConfig. + +| `validateExtension` +| `string` +| ValidateExtension references an extension which is called to validate the topology. + +|=== +=== .spec.variables +Description:: ++ +-- +Variables defines the variables which can be configured +in the Cluster topology and are then used in patches. +-- + +Type:: + `array` + + + + +=== .spec.variables[] +Description:: ++ +-- +ClusterClassVariable defines a variable which can +be configured in the Cluster topology and used in patches. +-- + +Type:: + `object` + +Required:: + - `name` + - `required` + - `schema` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `metadata` +| `object` +| Metadata is the metadata of a variable. +It can be used to add additional data for higher level tools to +a ClusterClassVariable. + +| `name` +| `string` +| Name of the variable. + +| `required` +| `boolean` +| Required specifies if the variable is required. +Note: this applies to the variable as a whole and thus the +top-level object defined in the schema. If nested fields are +required, this will be specified inside the schema. + +| `schema` +| `object` +| Schema defines the schema of the variable. + +|=== +=== .spec.variables[].metadata +Description:: ++ +-- +Metadata is the metadata of a variable. +It can be used to add additional data for higher level tools to +a ClusterClassVariable. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `annotations` +| `object (string)` +| Annotations is an unstructured key value map that can be used to store and +retrieve arbitrary metadata. +They are not queryable. + +| `labels` +| `object (string)` +| Map of string keys and values that can be used to organize and categorize +(scope and select) variables. + +|=== +=== .spec.variables[].schema +Description:: ++ +-- +Schema defines the schema of the variable. +-- + +Type:: + `object` + +Required:: + - `openAPIV3Schema` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `openAPIV3Schema` +| `object` +| OpenAPIV3Schema defines the schema of a variable via OpenAPI v3 +schema. The schema is a subset of the schema used in +Kubernetes CRDs. + +|=== +=== .spec.variables[].schema.openAPIV3Schema +Description:: ++ +-- +OpenAPIV3Schema defines the schema of a variable via OpenAPI v3 +schema. The schema is a subset of the schema used in +Kubernetes CRDs. +-- + +Type:: + `object` + +Required:: + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `additionalProperties` +| `` +| AdditionalProperties specifies the schema of values in a map (keys are always strings). +NOTE: Can only be set if type is object. +NOTE: AdditionalProperties is mutually exclusive with Properties. +NOTE: This field uses PreserveUnknownFields and Schemaless, +because recursive validation is not possible. + +| `default` +| `` +| Default is the default value of the variable. +NOTE: Can be set for all types. + +| `description` +| `string` +| Description is a human-readable description of this variable. + +| `enum` +| `array (undefined)` +| Enum is the list of valid values of the variable. +NOTE: Can be set for all types. + +| `example` +| `` +| Example is an example for this variable. + +| `exclusiveMaximum` +| `boolean` +| ExclusiveMaximum specifies if the Maximum is exclusive. +NOTE: Can only be set if type is integer or number. + +| `exclusiveMinimum` +| `boolean` +| ExclusiveMinimum specifies if the Minimum is exclusive. +NOTE: Can only be set if type is integer or number. + +| `format` +| `string` +| Format is an OpenAPI v3 format string. Unknown formats are ignored. +For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) +https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go +NOTE: Can only be set if type is string. + +| `items` +| `` +| Items specifies fields of an array. +NOTE: Can only be set if type is array. +NOTE: This field uses PreserveUnknownFields and Schemaless, +because recursive validation is not possible. + +| `maxItems` +| `integer` +| MaxItems is the max length of an array variable. +NOTE: Can only be set if type is array. + +| `maxLength` +| `integer` +| MaxLength is the max length of a string variable. +NOTE: Can only be set if type is string. + +| `maximum` +| `integer` +| Maximum is the maximum of an integer or number variable. +If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. +If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. +NOTE: Can only be set if type is integer or number. + +| `minItems` +| `integer` +| MinItems is the min length of an array variable. +NOTE: Can only be set if type is array. + +| `minLength` +| `integer` +| MinLength is the min length of a string variable. +NOTE: Can only be set if type is string. + +| `minimum` +| `integer` +| Minimum is the minimum of an integer or number variable. +If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. +If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. +NOTE: Can only be set if type is integer or number. + +| `pattern` +| `string` +| Pattern is the regex which a string variable must match. +NOTE: Can only be set if type is string. + +| `properties` +| `` +| Properties specifies fields of an object. +NOTE: Can only be set if type is object. +NOTE: Properties is mutually exclusive with AdditionalProperties. +NOTE: This field uses PreserveUnknownFields and Schemaless, +because recursive validation is not possible. + +| `required` +| `array (string)` +| Required specifies which fields of an object are required. +NOTE: Can only be set if type is object. + +| `type` +| `string` +| Type is the type of the variable. +Valid values are: object, array, string, integer, number or boolean. + +| `uniqueItems` +| `boolean` +| UniqueItems specifies if items in an array must be unique. +NOTE: Can only be set if type is array. + +| `x-kubernetes-preserve-unknown-fields` +| `boolean` +| XPreserveUnknownFields allows setting fields in a variable object +which are not defined in the variable schema. This affects fields recursively, +except if nested properties or additionalProperties are specified in the schema. + +|=== +=== .spec.workers +Description:: ++ +-- +Workers describes the worker nodes for the cluster. +It is a collection of node types which can be used to create +the worker nodes of the cluster. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `machineDeployments` +| `array` +| MachineDeployments is a list of machine deployment classes that can be used to create +a set of worker nodes. + +| `machineDeployments[]` +| `object` +| MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster +provisioned using the `ClusterClass`. + +| `machinePools` +| `array` +| MachinePools is a list of machine pool classes that can be used to create +a set of worker nodes. + +| `machinePools[]` +| `object` +| MachinePoolClass serves as a template to define a pool of worker nodes of the cluster +provisioned using `ClusterClass`. + +|=== +=== .spec.workers.machineDeployments +Description:: ++ +-- +MachineDeployments is a list of machine deployment classes that can be used to create +a set of worker nodes. +-- + +Type:: + `array` + + + + +=== .spec.workers.machineDeployments[] +Description:: ++ +-- +MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster +provisioned using the `ClusterClass`. +-- + +Type:: + `object` + +Required:: + - `class` + - `template` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `class` +| `string` +| Class denotes a type of worker node present in the cluster, +this name MUST be unique within a ClusterClass and can be referenced +in the Cluster to create a managed MachineDeployment. + +| `failureDomain` +| `string` +| FailureDomain is the failure domain the machines will be created in. +Must match a key in the FailureDomains map stored on the cluster object. +NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + +| `machineHealthCheck` +| `object` +| MachineHealthCheck defines a MachineHealthCheck for this MachineDeploymentClass. + +| `minReadySeconds` +| `integer` +| Minimum number of seconds for which a newly created machine should +be ready. +Defaults to 0 (machine will be considered available as soon as it +is ready) +NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + +| `namingStrategy` +| `object` +| NamingStrategy allows changing the naming pattern used when creating the MachineDeployment. + +| `nodeDeletionTimeout` +| `string` +| NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine +hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. +Defaults to 10 seconds. +NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + +| `nodeDrainTimeout` +| `string` +| NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. +The default value is 0, meaning that the node can be drained without any time limitations. +NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` +NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + +| `nodeVolumeDetachTimeout` +| `string` +| NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes +to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. +NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + +| `strategy` +| `object` +| The deployment strategy to use to replace existing machines with +new ones. +NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. + +| `template` +| `object` +| Template is a local struct containing a collection of templates for creation of +MachineDeployment objects representing a set of worker nodes. + +|=== +=== .spec.workers.machineDeployments[].machineHealthCheck +Description:: ++ +-- +MachineHealthCheck defines a MachineHealthCheck for this MachineDeploymentClass. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `maxUnhealthy` +| `integer-or-string` +| Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by +"selector" are not healthy. + +| `nodeStartupTimeout` +| `string` +| Machines older than this duration without a node will be considered to have +failed and will be remediated. +If you wish to disable this feature, set the value explicitly to 0. + +| `remediationTemplate` +| `object` +| RemediationTemplate is a reference to a remediation template +provided by an infrastructure provider. + + +This field is completely optional, when filled, the MachineHealthCheck controller +creates a new object from the template referenced and hands off remediation of the machine to +a controller that lives outside of Cluster API. + +| `unhealthyConditions` +| `array` +| UnhealthyConditions contains a list of the conditions that determine +whether a node is considered unhealthy. The conditions are combined in a +logical OR, i.e. if any of the conditions is met, the node is unhealthy. + +| `unhealthyConditions[]` +| `object` +| UnhealthyCondition represents a Node condition type and value with a timeout +specified as a duration. When the named condition has been in the given +status for at least the timeout value, a node is considered unhealthy. + +| `unhealthyRange` +| `string` +| Any further remediation is only allowed if the number of machines selected by "selector" as not healthy +is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. +Eg. "[3-5]" - This means that remediation will be allowed only when: +(a) there are at least 3 unhealthy machines (and) +(b) there are at most 5 unhealthy machines + +|=== +=== .spec.workers.machineDeployments[].machineHealthCheck.remediationTemplate +Description:: ++ +-- +RemediationTemplate is a reference to a remediation template +provided by an infrastructure provider. + + +This field is completely optional, when filled, the MachineHealthCheck controller +creates a new object from the template referenced and hands off remediation of the machine to +a controller that lives outside of Cluster API. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.workers.machineDeployments[].machineHealthCheck.unhealthyConditions +Description:: ++ +-- +UnhealthyConditions contains a list of the conditions that determine +whether a node is considered unhealthy. The conditions are combined in a +logical OR, i.e. if any of the conditions is met, the node is unhealthy. +-- + +Type:: + `array` + + + + +=== .spec.workers.machineDeployments[].machineHealthCheck.unhealthyConditions[] +Description:: ++ +-- +UnhealthyCondition represents a Node condition type and value with a timeout +specified as a duration. When the named condition has been in the given +status for at least the timeout value, a node is considered unhealthy. +-- + +Type:: + `object` + +Required:: + - `status` + - `timeout` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `status` +| `string` +| + +| `timeout` +| `string` +| + +| `type` +| `string` +| + +|=== +=== .spec.workers.machineDeployments[].namingStrategy +Description:: ++ +-- +NamingStrategy allows changing the naming pattern used when creating the MachineDeployment. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `template` +| `string` +| Template defines the template to use for generating the name of the MachineDeployment object. +If not defined, it will fallback to `{{ .cluster.name }}-{{ .machineDeployment.topologyName }}-{{ .random }}`. +If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will +get concatenated with a random suffix of length 5. +The templating mechanism provides the following arguments: +* `.cluster.name`: The name of the cluster object. +* `.random`: A random alphanumeric string, without vowels, of length 5. +* `.machineDeployment.topologyName`: The name of the MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name). + +|=== +=== .spec.workers.machineDeployments[].strategy +Description:: ++ +-- +The deployment strategy to use to replace existing machines with +new ones. +NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `rollingUpdate` +| `object` +| Rolling update config params. Present only if +MachineDeploymentStrategyType = RollingUpdate. + +| `type` +| `string` +| Type of deployment. Allowed values are RollingUpdate and OnDelete. +The default is RollingUpdate. + +|=== +=== .spec.workers.machineDeployments[].strategy.rollingUpdate +Description:: ++ +-- +Rolling update config params. Present only if +MachineDeploymentStrategyType = RollingUpdate. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `deletePolicy` +| `string` +| DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. +Valid values are "Random, "Newest", "Oldest" +When no value is supplied, the default DeletePolicy of MachineSet is used + +| `maxSurge` +| `integer-or-string` +| The maximum number of machines that can be scheduled above the +desired number of machines. +Value can be an absolute number (ex: 5) or a percentage of +desired machines (ex: 10%). +This can not be 0 if MaxUnavailable is 0. +Absolute number is calculated from percentage by rounding up. +Defaults to 1. +Example: when this is set to 30%, the new MachineSet can be scaled +up immediately when the rolling update starts, such that the total +number of old and new machines do not exceed 130% of desired +machines. Once old machines have been killed, new MachineSet can +be scaled up further, ensuring that total number of machines running +at any time during the update is at most 130% of desired machines. + +| `maxUnavailable` +| `integer-or-string` +| The maximum number of machines that can be unavailable during the update. +Value can be an absolute number (ex: 5) or a percentage of desired +machines (ex: 10%). +Absolute number is calculated from percentage by rounding down. +This can not be 0 if MaxSurge is 0. +Defaults to 0. +Example: when this is set to 30%, the old MachineSet can be scaled +down to 70% of desired machines immediately when the rolling update +starts. Once new machines are ready, old MachineSet can be scaled +down further, followed by scaling up the new MachineSet, ensuring +that the total number of machines available at all times +during the update is at least 70% of desired machines. + +|=== +=== .spec.workers.machineDeployments[].template +Description:: ++ +-- +Template is a local struct containing a collection of templates for creation of +MachineDeployment objects representing a set of worker nodes. +-- + +Type:: + `object` + +Required:: + - `bootstrap` + - `infrastructure` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `bootstrap` +| `object` +| Bootstrap contains the bootstrap template reference to be used +for the creation of worker Machines. + +| `infrastructure` +| `object` +| Infrastructure contains the infrastructure template reference to be used +for the creation of worker Machines. + +| `metadata` +| `object` +| Metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. +At runtime this metadata is merged with the corresponding metadata from the topology. + +|=== +=== .spec.workers.machineDeployments[].template.bootstrap +Description:: ++ +-- +Bootstrap contains the bootstrap template reference to be used +for the creation of worker Machines. +-- + +Type:: + `object` + +Required:: + - `ref` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `ref` +| `object` +| Ref is a required reference to a custom resource +offered by a provider. + +|=== +=== .spec.workers.machineDeployments[].template.bootstrap.ref +Description:: ++ +-- +Ref is a required reference to a custom resource +offered by a provider. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.workers.machineDeployments[].template.infrastructure +Description:: ++ +-- +Infrastructure contains the infrastructure template reference to be used +for the creation of worker Machines. +-- + +Type:: + `object` + +Required:: + - `ref` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `ref` +| `object` +| Ref is a required reference to a custom resource +offered by a provider. + +|=== +=== .spec.workers.machineDeployments[].template.infrastructure.ref +Description:: ++ +-- +Ref is a required reference to a custom resource +offered by a provider. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.workers.machineDeployments[].template.metadata +Description:: ++ +-- +Metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. +At runtime this metadata is merged with the corresponding metadata from the topology. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `annotations` +| `object (string)` +| Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations + +| `labels` +| `object (string)` +| Map of string keys and values that can be used to organize and categorize +(scope and select) objects. May match selectors of replication controllers +and services. +More info: http://kubernetes.io/docs/user-guide/labels + +|=== +=== .spec.workers.machinePools +Description:: ++ +-- +MachinePools is a list of machine pool classes that can be used to create +a set of worker nodes. +-- + +Type:: + `array` + + + + +=== .spec.workers.machinePools[] +Description:: ++ +-- +MachinePoolClass serves as a template to define a pool of worker nodes of the cluster +provisioned using `ClusterClass`. +-- + +Type:: + `object` + +Required:: + - `class` + - `template` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `class` +| `string` +| Class denotes a type of machine pool present in the cluster, +this name MUST be unique within a ClusterClass and can be referenced +in the Cluster to create a managed MachinePool. + +| `failureDomains` +| `array (string)` +| FailureDomains is the list of failure domains the MachinePool should be attached to. +Must match a key in the FailureDomains map stored on the cluster object. +NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. + +| `minReadySeconds` +| `integer` +| Minimum number of seconds for which a newly created machine pool should +be ready. +Defaults to 0 (machine will be considered available as soon as it +is ready) +NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. + +| `namingStrategy` +| `object` +| NamingStrategy allows changing the naming pattern used when creating the MachinePool. + +| `nodeDeletionTimeout` +| `string` +| NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine +hosts after the Machine Pool is marked for deletion. A duration of 0 will retry deletion indefinitely. +Defaults to 10 seconds. +NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. + +| `nodeDrainTimeout` +| `string` +| NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. +The default value is 0, meaning that the node can be drained without any time limitations. +NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` +NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. + +| `nodeVolumeDetachTimeout` +| `string` +| NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes +to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. +NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. + +| `template` +| `object` +| Template is a local struct containing a collection of templates for creation of +MachinePools objects representing a pool of worker nodes. + +|=== +=== .spec.workers.machinePools[].namingStrategy +Description:: ++ +-- +NamingStrategy allows changing the naming pattern used when creating the MachinePool. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `template` +| `string` +| Template defines the template to use for generating the name of the MachinePool object. +If not defined, it will fallback to `{{ .cluster.name }}-{{ .machinePool.topologyName }}-{{ .random }}`. +If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will +get concatenated with a random suffix of length 5. +The templating mechanism provides the following arguments: +* `.cluster.name`: The name of the cluster object. +* `.random`: A random alphanumeric string, without vowels, of length 5. +* `.machinePool.topologyName`: The name of the MachinePool topology (Cluster.spec.topology.workers.machinePools[].name). + +|=== +=== .spec.workers.machinePools[].template +Description:: ++ +-- +Template is a local struct containing a collection of templates for creation of +MachinePools objects representing a pool of worker nodes. +-- + +Type:: + `object` + +Required:: + - `bootstrap` + - `infrastructure` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `bootstrap` +| `object` +| Bootstrap contains the bootstrap template reference to be used +for the creation of the Machines in the MachinePool. + +| `infrastructure` +| `object` +| Infrastructure contains the infrastructure template reference to be used +for the creation of the MachinePool. + +| `metadata` +| `object` +| Metadata is the metadata applied to the MachinePool. +At runtime this metadata is merged with the corresponding metadata from the topology. + +|=== +=== .spec.workers.machinePools[].template.bootstrap +Description:: ++ +-- +Bootstrap contains the bootstrap template reference to be used +for the creation of the Machines in the MachinePool. +-- + +Type:: + `object` + +Required:: + - `ref` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `ref` +| `object` +| Ref is a required reference to a custom resource +offered by a provider. + +|=== +=== .spec.workers.machinePools[].template.bootstrap.ref +Description:: ++ +-- +Ref is a required reference to a custom resource +offered by a provider. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.workers.machinePools[].template.infrastructure +Description:: ++ +-- +Infrastructure contains the infrastructure template reference to be used +for the creation of the MachinePool. +-- + +Type:: + `object` + +Required:: + - `ref` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `ref` +| `object` +| Ref is a required reference to a custom resource +offered by a provider. + +|=== +=== .spec.workers.machinePools[].template.infrastructure.ref +Description:: ++ +-- +Ref is a required reference to a custom resource +offered by a provider. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.workers.machinePools[].template.metadata +Description:: ++ +-- +Metadata is the metadata applied to the MachinePool. +At runtime this metadata is merged with the corresponding metadata from the topology. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `annotations` +| `object (string)` +| Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations + +| `labels` +| `object (string)` +| Map of string keys and values that can be used to organize and categorize +(scope and select) objects. May match selectors of replication controllers +and services. +More info: http://kubernetes.io/docs/user-guide/labels + +|=== +=== .status +Description:: ++ +-- +ClusterClassStatus defines the observed state of the ClusterClass. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| Conditions defines current observed state of the ClusterClass. + +| `conditions[]` +| `object` +| Condition defines an observation of a Cluster API resource operational state. + +| `observedGeneration` +| `integer` +| ObservedGeneration is the latest generation observed by the controller. + +| `variables` +| `array` +| Variables is a list of ClusterClassStatusVariable that are defined for the ClusterClass. + +| `variables[]` +| `object` +| ClusterClassStatusVariable defines a variable which appears in the status of a ClusterClass. + +|=== +=== .status.conditions +Description:: ++ +-- +Conditions defines current observed state of the ClusterClass. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition defines an observation of a Cluster API resource operational state. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| Last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when +the API field changed is acceptable. + +| `message` +| `string` +| A human readable message indicating details about the transition. +This field may be empty. + +| `reason` +| `string` +| The reason for the condition's last transition in CamelCase. +The specific API may choose whether or not this field is considered a guaranteed API. +This field may not be empty. + +| `severity` +| `string` +| Severity provides an explicit classification of Reason code, so the users or machines can immediately +understand the current situation and act accordingly. +The Severity field MUST be set only when Status=False. + +| `status` +| `string` +| Status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| Type of condition in CamelCase or in foo.example.com/CamelCase. +Many .condition.type values are consistent across resources like Available, but because arbitrary conditions +can be useful (see .node.status.conditions), the ability to deconflict is important. + +|=== +=== .status.variables +Description:: ++ +-- +Variables is a list of ClusterClassStatusVariable that are defined for the ClusterClass. +-- + +Type:: + `array` + + + + +=== .status.variables[] +Description:: ++ +-- +ClusterClassStatusVariable defines a variable which appears in the status of a ClusterClass. +-- + +Type:: + `object` + +Required:: + - `definitions` + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `definitions` +| `array` +| Definitions is a list of definitions for a variable. + +| `definitions[]` +| `object` +| ClusterClassStatusVariableDefinition defines a variable which appears in the status of a ClusterClass. + +| `definitionsConflict` +| `boolean` +| DefinitionsConflict specifies whether or not there are conflicting definitions for a single variable name. + +| `name` +| `string` +| Name is the name of the variable. + +|=== +=== .status.variables[].definitions +Description:: ++ +-- +Definitions is a list of definitions for a variable. +-- + +Type:: + `array` + + + + +=== .status.variables[].definitions[] +Description:: ++ +-- +ClusterClassStatusVariableDefinition defines a variable which appears in the status of a ClusterClass. +-- + +Type:: + `object` + +Required:: + - `from` + - `required` + - `schema` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `from` +| `string` +| From specifies the origin of the variable definition. +This will be `inline` for variables defined in the ClusterClass or the name of a patch defined in the ClusterClass +for variables discovered from a DiscoverVariables runtime extensions. + +| `metadata` +| `object` +| Metadata is the metadata of a variable. +It can be used to add additional data for higher level tools to +a ClusterClassVariable. + +| `required` +| `boolean` +| Required specifies if the variable is required. +Note: this applies to the variable as a whole and thus the +top-level object defined in the schema. If nested fields are +required, this will be specified inside the schema. + +| `schema` +| `object` +| Schema defines the schema of the variable. + +|=== +=== .status.variables[].definitions[].metadata +Description:: ++ +-- +Metadata is the metadata of a variable. +It can be used to add additional data for higher level tools to +a ClusterClassVariable. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `annotations` +| `object (string)` +| Annotations is an unstructured key value map that can be used to store and +retrieve arbitrary metadata. +They are not queryable. + +| `labels` +| `object (string)` +| Map of string keys and values that can be used to organize and categorize +(scope and select) variables. + +|=== +=== .status.variables[].definitions[].schema +Description:: ++ +-- +Schema defines the schema of the variable. +-- + +Type:: + `object` + +Required:: + - `openAPIV3Schema` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `openAPIV3Schema` +| `object` +| OpenAPIV3Schema defines the schema of a variable via OpenAPI v3 +schema. The schema is a subset of the schema used in +Kubernetes CRDs. + +|=== +=== .status.variables[].definitions[].schema.openAPIV3Schema +Description:: ++ +-- +OpenAPIV3Schema defines the schema of a variable via OpenAPI v3 +schema. The schema is a subset of the schema used in +Kubernetes CRDs. +-- + +Type:: + `object` + +Required:: + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `additionalProperties` +| `` +| AdditionalProperties specifies the schema of values in a map (keys are always strings). +NOTE: Can only be set if type is object. +NOTE: AdditionalProperties is mutually exclusive with Properties. +NOTE: This field uses PreserveUnknownFields and Schemaless, +because recursive validation is not possible. + +| `default` +| `` +| Default is the default value of the variable. +NOTE: Can be set for all types. + +| `description` +| `string` +| Description is a human-readable description of this variable. + +| `enum` +| `array (undefined)` +| Enum is the list of valid values of the variable. +NOTE: Can be set for all types. + +| `example` +| `` +| Example is an example for this variable. + +| `exclusiveMaximum` +| `boolean` +| ExclusiveMaximum specifies if the Maximum is exclusive. +NOTE: Can only be set if type is integer or number. + +| `exclusiveMinimum` +| `boolean` +| ExclusiveMinimum specifies if the Minimum is exclusive. +NOTE: Can only be set if type is integer or number. + +| `format` +| `string` +| Format is an OpenAPI v3 format string. Unknown formats are ignored. +For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) +https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go +NOTE: Can only be set if type is string. + +| `items` +| `` +| Items specifies fields of an array. +NOTE: Can only be set if type is array. +NOTE: This field uses PreserveUnknownFields and Schemaless, +because recursive validation is not possible. + +| `maxItems` +| `integer` +| MaxItems is the max length of an array variable. +NOTE: Can only be set if type is array. + +| `maxLength` +| `integer` +| MaxLength is the max length of a string variable. +NOTE: Can only be set if type is string. + +| `maximum` +| `integer` +| Maximum is the maximum of an integer or number variable. +If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. +If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. +NOTE: Can only be set if type is integer or number. + +| `minItems` +| `integer` +| MinItems is the min length of an array variable. +NOTE: Can only be set if type is array. + +| `minLength` +| `integer` +| MinLength is the min length of a string variable. +NOTE: Can only be set if type is string. + +| `minimum` +| `integer` +| Minimum is the minimum of an integer or number variable. +If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. +If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. +NOTE: Can only be set if type is integer or number. + +| `pattern` +| `string` +| Pattern is the regex which a string variable must match. +NOTE: Can only be set if type is string. + +| `properties` +| `` +| Properties specifies fields of an object. +NOTE: Can only be set if type is object. +NOTE: Properties is mutually exclusive with AdditionalProperties. +NOTE: This field uses PreserveUnknownFields and Schemaless, +because recursive validation is not possible. + +| `required` +| `array (string)` +| Required specifies which fields of an object are required. +NOTE: Can only be set if type is object. + +| `type` +| `string` +| Type is the type of the variable. +Valid values are: object, array, string, integer, number or boolean. + +| `uniqueItems` +| `boolean` +| UniqueItems specifies if items in an array must be unique. +NOTE: Can only be set if type is array. + +| `x-kubernetes-preserve-unknown-fields` +| `boolean` +| XPreserveUnknownFields allows setting fields in a variable object +which are not defined in the variable schema. This affects fields recursively, +except if nested properties or additionalProperties are specified in the schema. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/cluster.x-k8s.io/v1beta1/clusterclasses` +- `GET`: list objects of kind ClusterClass +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterclasses` +- `DELETE`: delete collection of ClusterClass +- `GET`: list objects of kind ClusterClass +- `POST`: create a ClusterClass +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterclasses/{name}` +- `DELETE`: delete a ClusterClass +- `GET`: read the specified ClusterClass +- `PATCH`: partially update the specified ClusterClass +- `PUT`: replace the specified ClusterClass +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterclasses/{name}/status` +- `GET`: read status of the specified ClusterClass +- `PATCH`: partially update status of the specified ClusterClass +- `PUT`: replace status of the specified ClusterClass + + +=== /apis/cluster.x-k8s.io/v1beta1/clusterclasses + + + +HTTP method:: + `GET` + +Description:: + list objects of kind ClusterClass + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.v1beta1.ClusterClassList[`ClusterClassList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterclasses + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of ClusterClass + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind ClusterClass + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.v1beta1.ClusterClassList[`ClusterClassList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a ClusterClass + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc#clusterclass-cluster-x-k8s-io-v1beta1[`ClusterClass`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc#clusterclass-cluster-x-k8s-io-v1beta1[`ClusterClass`] schema +| 201 - Created +| xref:../cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc#clusterclass-cluster-x-k8s-io-v1beta1[`ClusterClass`] schema +| 202 - Accepted +| xref:../cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc#clusterclass-cluster-x-k8s-io-v1beta1[`ClusterClass`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterclasses/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ClusterClass +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a ClusterClass + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified ClusterClass + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc#clusterclass-cluster-x-k8s-io-v1beta1[`ClusterClass`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified ClusterClass + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc#clusterclass-cluster-x-k8s-io-v1beta1[`ClusterClass`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified ClusterClass + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc#clusterclass-cluster-x-k8s-io-v1beta1[`ClusterClass`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc#clusterclass-cluster-x-k8s-io-v1beta1[`ClusterClass`] schema +| 201 - Created +| xref:../cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc#clusterclass-cluster-x-k8s-io-v1beta1[`ClusterClass`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterclasses/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ClusterClass +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified ClusterClass + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc#clusterclass-cluster-x-k8s-io-v1beta1[`ClusterClass`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified ClusterClass + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc#clusterclass-cluster-x-k8s-io-v1beta1[`ClusterClass`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified ClusterClass + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc#clusterclass-cluster-x-k8s-io-v1beta1[`ClusterClass`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc#clusterclass-cluster-x-k8s-io-v1beta1[`ClusterClass`] schema +| 201 - Created +| xref:../cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc#clusterclass-cluster-x-k8s-io-v1beta1[`ClusterClass`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..bd0d26d752 --- /dev/null +++ b/rest_api/cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,676 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="clusterresourceset-addons-cluster-x-k8s-io-v1beta1"] += ClusterResourceSet [addons.cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +ClusterResourceSet is the Schema for the clusterresourcesets API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| ClusterResourceSetSpec defines the desired state of ClusterResourceSet. + +| `status` +| `object` +| ClusterResourceSetStatus defines the observed state of ClusterResourceSet. + +|=== +=== .spec +Description:: ++ +-- +ClusterResourceSetSpec defines the desired state of ClusterResourceSet. +-- + +Type:: + `object` + +Required:: + - `clusterSelector` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `clusterSelector` +| `object` +| Label selector for Clusters. The Clusters that are +selected by this will be the ones affected by this ClusterResourceSet. +It must match the Cluster labels. This field is immutable. +Label selector cannot be empty. + +| `resources` +| `array` +| Resources is a list of Secrets/ConfigMaps where each contains 1 or more resources to be applied to remote clusters. + +| `resources[]` +| `object` +| ResourceRef specifies a resource. + +| `strategy` +| `string` +| Strategy is the strategy to be used during applying resources. Defaults to ApplyOnce. This field is immutable. + +|=== +=== .spec.clusterSelector +Description:: ++ +-- +Label selector for Clusters. The Clusters that are +selected by this will be the ones affected by this ClusterResourceSet. +It must match the Cluster labels. This field is immutable. +Label selector cannot be empty. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `matchExpressions` +| `array` +| matchExpressions is a list of label selector requirements. The requirements are ANDed. + +| `matchExpressions[]` +| `object` +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + +| `matchLabels` +| `object (string)` +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. + +|=== +=== .spec.clusterSelector.matchExpressions +Description:: ++ +-- +matchExpressions is a list of label selector requirements. The requirements are ANDed. +-- + +Type:: + `array` + + + + +=== .spec.clusterSelector.matchExpressions[] +Description:: ++ +-- +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. +-- + +Type:: + `object` + +Required:: + - `key` + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| key is the label key that the selector applies to. + +| `operator` +| `string` +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. + +| `values` +| `array (string)` +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. + +|=== +=== .spec.resources +Description:: ++ +-- +Resources is a list of Secrets/ConfigMaps where each contains 1 or more resources to be applied to remote clusters. +-- + +Type:: + `array` + + + + +=== .spec.resources[] +Description:: ++ +-- +ResourceRef specifies a resource. +-- + +Type:: + `object` + +Required:: + - `kind` + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `kind` +| `string` +| Kind of the resource. Supported kinds are: Secrets and ConfigMaps. + +| `name` +| `string` +| Name of the resource that is in the same namespace with ClusterResourceSet object. + +|=== +=== .status +Description:: ++ +-- +ClusterResourceSetStatus defines the observed state of ClusterResourceSet. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| Conditions defines current state of the ClusterResourceSet. + +| `conditions[]` +| `object` +| Condition defines an observation of a Cluster API resource operational state. + +| `observedGeneration` +| `integer` +| ObservedGeneration reflects the generation of the most recently observed ClusterResourceSet. + +|=== +=== .status.conditions +Description:: ++ +-- +Conditions defines current state of the ClusterResourceSet. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition defines an observation of a Cluster API resource operational state. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| Last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when +the API field changed is acceptable. + +| `message` +| `string` +| A human readable message indicating details about the transition. +This field may be empty. + +| `reason` +| `string` +| The reason for the condition's last transition in CamelCase. +The specific API may choose whether or not this field is considered a guaranteed API. +This field may not be empty. + +| `severity` +| `string` +| Severity provides an explicit classification of Reason code, so the users or machines can immediately +understand the current situation and act accordingly. +The Severity field MUST be set only when Status=False. + +| `status` +| `string` +| Status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| Type of condition in CamelCase or in foo.example.com/CamelCase. +Many .condition.type values are consistent across resources like Available, but because arbitrary conditions +can be useful (see .node.status.conditions), the ability to deconflict is important. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/addons.cluster.x-k8s.io/v1beta1/clusterresourcesets` +- `GET`: list objects of kind ClusterResourceSet +* `/apis/addons.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterresourcesets` +- `DELETE`: delete collection of ClusterResourceSet +- `GET`: list objects of kind ClusterResourceSet +- `POST`: create a ClusterResourceSet +* `/apis/addons.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterresourcesets/{name}` +- `DELETE`: delete a ClusterResourceSet +- `GET`: read the specified ClusterResourceSet +- `PATCH`: partially update the specified ClusterResourceSet +- `PUT`: replace the specified ClusterResourceSet +* `/apis/addons.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterresourcesets/{name}/status` +- `GET`: read status of the specified ClusterResourceSet +- `PATCH`: partially update status of the specified ClusterResourceSet +- `PUT`: replace status of the specified ClusterResourceSet + + +=== /apis/addons.cluster.x-k8s.io/v1beta1/clusterresourcesets + + + +HTTP method:: + `GET` + +Description:: + list objects of kind ClusterResourceSet + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.addons.v1beta1.ClusterResourceSetList[`ClusterResourceSetList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/addons.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterresourcesets + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of ClusterResourceSet + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind ClusterResourceSet + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.addons.v1beta1.ClusterResourceSetList[`ClusterResourceSetList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a ClusterResourceSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourceset-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSet`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourceset-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSet`] schema +| 201 - Created +| xref:../cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourceset-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSet`] schema +| 202 - Accepted +| xref:../cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourceset-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSet`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/addons.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterresourcesets/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ClusterResourceSet +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a ClusterResourceSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified ClusterResourceSet + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourceset-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified ClusterResourceSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourceset-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified ClusterResourceSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourceset-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSet`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourceset-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSet`] schema +| 201 - Created +| xref:../cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourceset-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSet`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/addons.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterresourcesets/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ClusterResourceSet +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified ClusterResourceSet + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourceset-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified ClusterResourceSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourceset-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified ClusterResourceSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourceset-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSet`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourceset-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSet`] schema +| 201 - Created +| xref:../cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourceset-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSet`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..70c0138298 --- /dev/null +++ b/rest_api/cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,538 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1"] += ClusterResourceSetBinding [addons.cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +ClusterResourceSetBinding lists all matching ClusterResourceSets with the cluster it belongs to. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| ClusterResourceSetBindingSpec defines the desired state of ClusterResourceSetBinding. + +|=== +=== .spec +Description:: ++ +-- +ClusterResourceSetBindingSpec defines the desired state of ClusterResourceSetBinding. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `bindings` +| `array` +| Bindings is a list of ClusterResourceSets and their resources. + +| `bindings[]` +| `object` +| ResourceSetBinding keeps info on all of the resources in a ClusterResourceSet. + +| `clusterName` +| `string` +| ClusterName is the name of the Cluster this binding applies to. +Note: this field mandatory in v1beta2. + +|=== +=== .spec.bindings +Description:: ++ +-- +Bindings is a list of ClusterResourceSets and their resources. +-- + +Type:: + `array` + + + + +=== .spec.bindings[] +Description:: ++ +-- +ResourceSetBinding keeps info on all of the resources in a ClusterResourceSet. +-- + +Type:: + `object` + +Required:: + - `clusterResourceSetName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `clusterResourceSetName` +| `string` +| ClusterResourceSetName is the name of the ClusterResourceSet that is applied to the owner cluster of the binding. + +| `resources` +| `array` +| Resources is a list of resources that the ClusterResourceSet has. + +| `resources[]` +| `object` +| ResourceBinding shows the status of a resource that belongs to a ClusterResourceSet matched by the owner cluster of the ClusterResourceSetBinding object. + +|=== +=== .spec.bindings[].resources +Description:: ++ +-- +Resources is a list of resources that the ClusterResourceSet has. +-- + +Type:: + `array` + + + + +=== .spec.bindings[].resources[] +Description:: ++ +-- +ResourceBinding shows the status of a resource that belongs to a ClusterResourceSet matched by the owner cluster of the ClusterResourceSetBinding object. +-- + +Type:: + `object` + +Required:: + - `applied` + - `kind` + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `applied` +| `boolean` +| Applied is to track if a resource is applied to the cluster or not. + +| `hash` +| `string` +| Hash is the hash of a resource's data. This can be used to decide if a resource is changed. +For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change. + +| `kind` +| `string` +| Kind of the resource. Supported kinds are: Secrets and ConfigMaps. + +| `lastAppliedTime` +| `string` +| LastAppliedTime identifies when this resource was last applied to the cluster. + +| `name` +| `string` +| Name of the resource that is in the same namespace with ClusterResourceSet object. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/addons.cluster.x-k8s.io/v1beta1/clusterresourcesetbindings` +- `GET`: list objects of kind ClusterResourceSetBinding +* `/apis/addons.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterresourcesetbindings` +- `DELETE`: delete collection of ClusterResourceSetBinding +- `GET`: list objects of kind ClusterResourceSetBinding +- `POST`: create a ClusterResourceSetBinding +* `/apis/addons.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterresourcesetbindings/{name}` +- `DELETE`: delete a ClusterResourceSetBinding +- `GET`: read the specified ClusterResourceSetBinding +- `PATCH`: partially update the specified ClusterResourceSetBinding +- `PUT`: replace the specified ClusterResourceSetBinding +* `/apis/addons.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterresourcesetbindings/{name}/status` +- `GET`: read status of the specified ClusterResourceSetBinding +- `PATCH`: partially update status of the specified ClusterResourceSetBinding +- `PUT`: replace status of the specified ClusterResourceSetBinding + + +=== /apis/addons.cluster.x-k8s.io/v1beta1/clusterresourcesetbindings + + + +HTTP method:: + `GET` + +Description:: + list objects of kind ClusterResourceSetBinding + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.addons.v1beta1.ClusterResourceSetBindingList[`ClusterResourceSetBindingList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/addons.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterresourcesetbindings + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of ClusterResourceSetBinding + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind ClusterResourceSetBinding + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.addons.v1beta1.ClusterResourceSetBindingList[`ClusterResourceSetBindingList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a ClusterResourceSetBinding + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSetBinding`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSetBinding`] schema +| 201 - Created +| xref:../cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSetBinding`] schema +| 202 - Accepted +| xref:../cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSetBinding`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/addons.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterresourcesetbindings/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ClusterResourceSetBinding +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a ClusterResourceSetBinding + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified ClusterResourceSetBinding + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSetBinding`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified ClusterResourceSetBinding + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSetBinding`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified ClusterResourceSetBinding + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSetBinding`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSetBinding`] schema +| 201 - Created +| xref:../cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSetBinding`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/addons.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/clusterresourcesetbindings/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ClusterResourceSetBinding +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified ClusterResourceSetBinding + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSetBinding`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified ClusterResourceSetBinding + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSetBinding`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified ClusterResourceSetBinding + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSetBinding`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSetBinding`] schema +| 201 - Created +| xref:../cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1[`ClusterResourceSetBinding`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc b/rest_api/cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc new file mode 100644 index 0000000000..413753cc2e --- /dev/null +++ b/rest_api/cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc @@ -0,0 +1,787 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="extensionconfig-runtime-cluster-x-k8s-io-v1alpha1"] += ExtensionConfig [runtime.cluster.x-k8s.io/v1alpha1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +ExtensionConfig is the Schema for the ExtensionConfig API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| ExtensionConfigSpec is the desired state of the ExtensionConfig + +| `status` +| `object` +| ExtensionConfigStatus is the current state of the ExtensionConfig + +|=== +=== .spec +Description:: ++ +-- +ExtensionConfigSpec is the desired state of the ExtensionConfig +-- + +Type:: + `object` + +Required:: + - `clientConfig` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `clientConfig` +| `object` +| ClientConfig defines how to communicate with the Extension server. + +| `namespaceSelector` +| `object` +| NamespaceSelector decides whether to call the hook for an object based +on whether the namespace for that object matches the selector. +Defaults to the empty LabelSelector, which matches all objects. + +| `settings` +| `object (string)` +| Settings defines key value pairs to be passed to all calls +to all supported RuntimeExtensions. +Note: Settings can be overridden on the ClusterClass. + +|=== +=== .spec.clientConfig +Description:: ++ +-- +ClientConfig defines how to communicate with the Extension server. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `caBundle` +| `string` +| CABundle is a PEM encoded CA bundle which will be used to validate the Extension server's server certificate. + +| `service` +| `object` +| Service is a reference to the Kubernetes service for the Extension server. +Note: Exactly one of `url` or `service` must be specified. + + +If the Extension server is running within a cluster, then you should use `service`. + +| `url` +| `string` +| URL gives the location of the Extension server, in standard URL form +(`scheme://host:port/path`). +Note: Exactly one of `url` or `service` must be specified. + + +The scheme must be "https". + + +The `host` should not refer to a service running in the cluster; use +the `service` field instead. + + +A path is optional, and if present may be any string permissible in +a URL. If a path is set it will be used as prefix to the hook-specific path. + + +Attempting to use a user or basic auth e.g. "user:password@" is not +allowed. Fragments ("#...") and query parameters ("?...") are not +allowed either. + +|=== +=== .spec.clientConfig.service +Description:: ++ +-- +Service is a reference to the Kubernetes service for the Extension server. +Note: Exactly one of `url` or `service` must be specified. + + +If the Extension server is running within a cluster, then you should use `service`. +-- + +Type:: + `object` + +Required:: + - `name` + - `namespace` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name is the name of the service. + +| `namespace` +| `string` +| Namespace is the namespace of the service. + +| `path` +| `string` +| Path is an optional URL path and if present may be any string permissible in +a URL. If a path is set it will be used as prefix to the hook-specific path. + +| `port` +| `integer` +| Port is the port on the service that's hosting the Extension server. +Defaults to 443. +Port should be a valid port number (1-65535, inclusive). + +|=== +=== .spec.namespaceSelector +Description:: ++ +-- +NamespaceSelector decides whether to call the hook for an object based +on whether the namespace for that object matches the selector. +Defaults to the empty LabelSelector, which matches all objects. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `matchExpressions` +| `array` +| matchExpressions is a list of label selector requirements. The requirements are ANDed. + +| `matchExpressions[]` +| `object` +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + +| `matchLabels` +| `object (string)` +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. + +|=== +=== .spec.namespaceSelector.matchExpressions +Description:: ++ +-- +matchExpressions is a list of label selector requirements. The requirements are ANDed. +-- + +Type:: + `array` + + + + +=== .spec.namespaceSelector.matchExpressions[] +Description:: ++ +-- +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. +-- + +Type:: + `object` + +Required:: + - `key` + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| key is the label key that the selector applies to. + +| `operator` +| `string` +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. + +| `values` +| `array (string)` +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. + +|=== +=== .status +Description:: ++ +-- +ExtensionConfigStatus is the current state of the ExtensionConfig +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| Conditions define the current service state of the ExtensionConfig. + +| `conditions[]` +| `object` +| Condition defines an observation of a Cluster API resource operational state. + +| `handlers` +| `array` +| Handlers defines the current ExtensionHandlers supported by an Extension. + +| `handlers[]` +| `object` +| ExtensionHandler specifies the details of a handler for a particular runtime hook registered by an Extension server. + +|=== +=== .status.conditions +Description:: ++ +-- +Conditions define the current service state of the ExtensionConfig. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition defines an observation of a Cluster API resource operational state. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| Last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when +the API field changed is acceptable. + +| `message` +| `string` +| A human readable message indicating details about the transition. +This field may be empty. + +| `reason` +| `string` +| The reason for the condition's last transition in CamelCase. +The specific API may choose whether or not this field is considered a guaranteed API. +This field may not be empty. + +| `severity` +| `string` +| Severity provides an explicit classification of Reason code, so the users or machines can immediately +understand the current situation and act accordingly. +The Severity field MUST be set only when Status=False. + +| `status` +| `string` +| Status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| Type of condition in CamelCase or in foo.example.com/CamelCase. +Many .condition.type values are consistent across resources like Available, but because arbitrary conditions +can be useful (see .node.status.conditions), the ability to deconflict is important. + +|=== +=== .status.handlers +Description:: ++ +-- +Handlers defines the current ExtensionHandlers supported by an Extension. +-- + +Type:: + `array` + + + + +=== .status.handlers[] +Description:: ++ +-- +ExtensionHandler specifies the details of a handler for a particular runtime hook registered by an Extension server. +-- + +Type:: + `object` + +Required:: + - `name` + - `requestHook` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `failurePolicy` +| `string` +| FailurePolicy defines how failures in calls to the ExtensionHandler should be handled by a client. +Defaults to Fail if not set. + +| `name` +| `string` +| Name is the unique name of the ExtensionHandler. + +| `requestHook` +| `object` +| RequestHook defines the versioned runtime hook which this ExtensionHandler serves. + +| `timeoutSeconds` +| `integer` +| TimeoutSeconds defines the timeout duration for client calls to the ExtensionHandler. +Defaults to 10 is not set. + +|=== +=== .status.handlers[].requestHook +Description:: ++ +-- +RequestHook defines the versioned runtime hook which this ExtensionHandler serves. +-- + +Type:: + `object` + +Required:: + - `apiVersion` + - `hook` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion is the group and version of the Hook. + +| `hook` +| `string` +| Hook is the name of the hook. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/runtime.cluster.x-k8s.io/v1alpha1/extensionconfigs` +- `DELETE`: delete collection of ExtensionConfig +- `GET`: list objects of kind ExtensionConfig +- `POST`: create an ExtensionConfig +* `/apis/runtime.cluster.x-k8s.io/v1alpha1/extensionconfigs/{name}` +- `DELETE`: delete an ExtensionConfig +- `GET`: read the specified ExtensionConfig +- `PATCH`: partially update the specified ExtensionConfig +- `PUT`: replace the specified ExtensionConfig +* `/apis/runtime.cluster.x-k8s.io/v1alpha1/extensionconfigs/{name}/status` +- `GET`: read status of the specified ExtensionConfig +- `PATCH`: partially update status of the specified ExtensionConfig +- `PUT`: replace status of the specified ExtensionConfig + + +=== /apis/runtime.cluster.x-k8s.io/v1alpha1/extensionconfigs + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of ExtensionConfig + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind ExtensionConfig + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.runtime.v1alpha1.ExtensionConfigList[`ExtensionConfigList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create an ExtensionConfig + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc#extensionconfig-runtime-cluster-x-k8s-io-v1alpha1[`ExtensionConfig`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc#extensionconfig-runtime-cluster-x-k8s-io-v1alpha1[`ExtensionConfig`] schema +| 201 - Created +| xref:../cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc#extensionconfig-runtime-cluster-x-k8s-io-v1alpha1[`ExtensionConfig`] schema +| 202 - Accepted +| xref:../cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc#extensionconfig-runtime-cluster-x-k8s-io-v1alpha1[`ExtensionConfig`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/runtime.cluster.x-k8s.io/v1alpha1/extensionconfigs/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ExtensionConfig +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete an ExtensionConfig + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified ExtensionConfig + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc#extensionconfig-runtime-cluster-x-k8s-io-v1alpha1[`ExtensionConfig`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified ExtensionConfig + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc#extensionconfig-runtime-cluster-x-k8s-io-v1alpha1[`ExtensionConfig`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified ExtensionConfig + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc#extensionconfig-runtime-cluster-x-k8s-io-v1alpha1[`ExtensionConfig`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc#extensionconfig-runtime-cluster-x-k8s-io-v1alpha1[`ExtensionConfig`] schema +| 201 - Created +| xref:../cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc#extensionconfig-runtime-cluster-x-k8s-io-v1alpha1[`ExtensionConfig`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/runtime.cluster.x-k8s.io/v1alpha1/extensionconfigs/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ExtensionConfig +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified ExtensionConfig + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc#extensionconfig-runtime-cluster-x-k8s-io-v1alpha1[`ExtensionConfig`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified ExtensionConfig + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc#extensionconfig-runtime-cluster-x-k8s-io-v1alpha1[`ExtensionConfig`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified ExtensionConfig + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc#extensionconfig-runtime-cluster-x-k8s-io-v1alpha1[`ExtensionConfig`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc#extensionconfig-runtime-cluster-x-k8s-io-v1alpha1[`ExtensionConfig`] schema +| 201 - Created +| xref:../cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc#extensionconfig-runtime-cluster-x-k8s-io-v1alpha1[`ExtensionConfig`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..094f0eb5ab --- /dev/null +++ b/rest_api/cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,954 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1"] += GCPCluster [infrastructure.cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +GCPCluster is the Schema for the gcpclusters API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| GCPClusterSpec defines the desired state of GCPCluster. + +| `status` +| `object` +| GCPClusterStatus defines the observed state of GCPCluster. + +|=== +=== .spec +Description:: ++ +-- +GCPClusterSpec defines the desired state of GCPCluster. +-- + +Type:: + `object` + +Required:: + - `project` + - `region` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `additionalLabels` +| `object (string)` +| AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the +ones added by default. + +| `controlPlaneEndpoint` +| `object` +| ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. + +| `credentialsRef` +| `object` +| CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not +supplied then the credentials of the controller will be used. + +| `failureDomains` +| `array (string)` +| FailureDomains is an optional field which is used to assign selected availability zones to a cluster +FailureDomains if empty, defaults to all the zones in the selected region and if specified would override +the default zones. + +| `loadBalancer` +| `object` +| LoadBalancer contains configuration for one or more LoadBalancers. + +| `network` +| `object` +| NetworkSpec encapsulates all things related to GCP network. + +| `project` +| `string` +| Project is the name of the project to deploy the cluster to. + +| `region` +| `string` +| The GCP Region the cluster lives in. + +| `resourceManagerTags` +| `array` +| ResourceManagerTags is an optional set of tags to apply to GCP resources managed +by the GCP provider. GCP supports a maximum of 50 tags per resource. + +| `resourceManagerTags[]` +| `object` +| ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider. + +|=== +=== .spec.controlPlaneEndpoint +Description:: ++ +-- +ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. +-- + +Type:: + `object` + +Required:: + - `host` + - `port` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `host` +| `string` +| The hostname on which the API server is serving. + +| `port` +| `integer` +| The port on which the API server is serving. + +|=== +=== .spec.credentialsRef +Description:: ++ +-- +CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not +supplied then the credentials of the controller will be used. +-- + +Type:: + `object` + +Required:: + - `name` + - `namespace` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +|=== +=== .spec.loadBalancer +Description:: ++ +-- +LoadBalancer contains configuration for one or more LoadBalancers. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiServerInstanceGroupTagOverride` +| `string` +| APIServerInstanceGroupTagOverride overrides the default setting for the +tag used when creating the API Server Instance Group. + +| `internalLoadBalancer` +| `object` +| InternalLoadBalancer is the configuration for an Internal Passthrough Network Load Balancer. + +| `loadBalancerType` +| `string` +| LoadBalancerType defines the type of Load Balancer that should be created. +If not set, a Global External Proxy Load Balancer will be created by default. + +|=== +=== .spec.loadBalancer.internalLoadBalancer +Description:: ++ +-- +InternalLoadBalancer is the configuration for an Internal Passthrough Network Load Balancer. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name is the name of the Load Balancer. If not set a default name +will be used. For an Internal Load Balancer service the default +name is "api-internal". + +| `subnet` +| `string` +| Subnet is the name of the subnet to use for a regional Load Balancer. A subnet is +required for the Load Balancer, if not defined the first configured subnet will be +used. + +|=== +=== .spec.network +Description:: ++ +-- +NetworkSpec encapsulates all things related to GCP network. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `autoCreateSubnetworks` +| `boolean` +| AutoCreateSubnetworks: When set to true, the VPC network is created +in "auto" mode. When set to false, the VPC network is created in +"custom" mode. + + +An auto mode VPC network starts with one subnet per region. Each +subnet has a predetermined range as described in Auto mode VPC +network IP ranges. + + +Defaults to true. + +| `hostProject` +| `string` +| HostProject is the name of the project hosting the shared VPC network resources. + +| `loadBalancerBackendPort` +| `integer` +| Allow for configuration of load balancer backend (useful for changing apiserver port) + +| `name` +| `string` +| Name is the name of the network to be used. + +| `subnets` +| `array` +| Subnets configuration. + +| `subnets[]` +| `object` +| SubnetSpec configures an GCP Subnet. + +|=== +=== .spec.network.subnets +Description:: ++ +-- +Subnets configuration. +-- + +Type:: + `array` + + + + +=== .spec.network.subnets[] +Description:: ++ +-- +SubnetSpec configures an GCP Subnet. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `cidrBlock` +| `string` +| CidrBlock is the range of internal addresses that are owned by this +subnetwork. Provide this property when you create the subnetwork. For +example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and +non-overlapping within a network. Only IPv4 is supported. This field +can be set only at resource creation time. + +| `description` +| `string` +| Description is an optional description associated with the resource. + +| `enableFlowLogs` +| `boolean` +| EnableFlowLogs: Whether to enable flow logging for this subnetwork. +If this field is not explicitly set, it will not appear in get +listings. If not set the default behavior is to disable flow logging. + +| `name` +| `string` +| Name defines a unique identifier to reference this resource. + +| `privateGoogleAccess` +| `boolean` +| PrivateGoogleAccess defines whether VMs in this subnet can access +Google services without assigning external IP addresses + +| `purpose` +| `string` +| Purpose: The purpose of the resource. +If unspecified, the purpose defaults to PRIVATE_RFC_1918. +The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER. + + +Possible values: + "INTERNAL_HTTPS_LOAD_BALANCER" - Subnet reserved for Internal +HTTP(S) Load Balancing. + "PRIVATE" - Regular user created or automatically created subnet. + "PRIVATE_RFC_1918" - Regular user created or automatically created +subnet. + "PRIVATE_SERVICE_CONNECT" - Subnetworks created for Private Service +Connect in the producer network. + "REGIONAL_MANAGED_PROXY" - Subnetwork used for Regional +Internal/External HTTP(S) Load Balancing. + +| `region` +| `string` +| Region is the name of the region where the Subnetwork resides. + +| `secondaryCidrBlocks` +| `object (string)` +| SecondaryCidrBlocks defines secondary CIDR ranges, +from which secondary IP ranges of a VM may be allocated + +|=== +=== .spec.resourceManagerTags +Description:: ++ +-- +ResourceManagerTags is an optional set of tags to apply to GCP resources managed +by the GCP provider. GCP supports a maximum of 50 tags per resource. +-- + +Type:: + `array` + + + + +=== .spec.resourceManagerTags[] +Description:: ++ +-- +ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider. +-- + +Type:: + `object` + +Required:: + - `key` + - `parentID` + - `value` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| Key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot +be empty. Tag key must begin and end with an alphanumeric character, and must contain +only uppercase, lowercase alphanumeric characters, and the following special +characters `._-`. + +| `parentID` +| `string` +| ParentID is the ID of the hierarchical resource where the tags are defined +e.g. at the Organization or the Project level. To find the Organization or Project ID ref +https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id +https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects +An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. +A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, +numbers, and hyphens, and must start with a letter, and cannot end with a hyphen. + +| `value` +| `string` +| Value is the value part of the tag. A tag value can have a maximum of 63 characters and +cannot be empty. Tag value must begin and end with an alphanumeric character, and must +contain only uppercase, lowercase alphanumeric characters, and the following special +characters `_-.@%=+:,*#&(){}[]` and spaces. + +|=== +=== .status +Description:: ++ +-- +GCPClusterStatus defines the observed state of GCPCluster. +-- + +Type:: + `object` + +Required:: + - `ready` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `failureDomains` +| `object` +| FailureDomains is a slice of FailureDomains. + +| `failureDomains{}` +| `object` +| FailureDomainSpec is the Schema for Cluster API failure domains. +It allows controllers to understand how many failure domains a cluster can optionally span across. + +| `network` +| `object` +| Network encapsulates GCP networking resources. + +| `ready` +| `boolean` +| Bastion Instance `json:"bastion,omitempty"` + +|=== +=== .status.failureDomains +Description:: ++ +-- +FailureDomains is a slice of FailureDomains. +-- + +Type:: + `object` + + + + +=== .status.failureDomains{} +Description:: ++ +-- +FailureDomainSpec is the Schema for Cluster API failure domains. +It allows controllers to understand how many failure domains a cluster can optionally span across. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `attributes` +| `object (string)` +| Attributes is a free form map of attributes an infrastructure provider might use or require. + +| `controlPlane` +| `boolean` +| ControlPlane determines if this failure domain is suitable for use by control plane machines. + +|=== +=== .status.network +Description:: ++ +-- +Network encapsulates GCP networking resources. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiInternalBackendService` +| `string` +| APIInternalBackendService is the full reference to the backend service +created for the internal Load Balancer. + +| `apiInternalForwardingRule` +| `string` +| APIInternalForwardingRule is the full reference to the forwarding rule +created for the internal Load Balancer. + +| `apiInternalHealthCheck` +| `string` +| APIInternalHealthCheck is the full reference to the health check +created for the internal Load Balancer. + +| `apiInternalIpAddress` +| `string` +| APIInternalAddress is the IPV4 regional address assigned to the +internal Load Balancer. + +| `apiServerBackendService` +| `string` +| APIServerBackendService is the full reference to the backend service +created for the API Server. + +| `apiServerForwardingRule` +| `string` +| APIServerForwardingRule is the full reference to the forwarding rule +created for the API Server. + +| `apiServerHealthCheck` +| `string` +| APIServerHealthCheck is the full reference to the health check +created for the API Server. + +| `apiServerInstanceGroups` +| `object (string)` +| APIServerInstanceGroups is a map from zone to the full reference +to the instance groups created for the control plane nodes created in the same zone. + +| `apiServerIpAddress` +| `string` +| APIServerAddress is the IPV4 global address assigned to the load balancer +created for the API Server. + +| `apiServerTargetProxy` +| `string` +| APIServerTargetProxy is the full reference to the target proxy +created for the API Server. + +| `firewallRules` +| `object (string)` +| FirewallRules is a map from the name of the rule to its full reference. + +| `router` +| `string` +| Router is the full reference to the router created within the network +it'll contain the cloud nat gateway + +| `selfLink` +| `string` +| SelfLink is the link to the Network used for this cluster. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpclusters` +- `GET`: list objects of kind GCPCluster +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpclusters` +- `DELETE`: delete collection of GCPCluster +- `GET`: list objects of kind GCPCluster +- `POST`: create a GCPCluster +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpclusters/{name}` +- `DELETE`: delete a GCPCluster +- `GET`: read the specified GCPCluster +- `PATCH`: partially update the specified GCPCluster +- `PUT`: replace the specified GCPCluster +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpclusters/{name}/status` +- `GET`: read status of the specified GCPCluster +- `PATCH`: partially update status of the specified GCPCluster +- `PUT`: replace status of the specified GCPCluster + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpclusters + + + +HTTP method:: + `GET` + +Description:: + list objects of kind GCPCluster + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.GCPClusterList[`GCPClusterList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpclusters + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of GCPCluster + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind GCPCluster + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.GCPClusterList[`GCPClusterList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a GCPCluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPCluster`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPCluster`] schema +| 201 - Created +| xref:../cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPCluster`] schema +| 202 - Accepted +| xref:../cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPCluster`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpclusters/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the GCPCluster +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a GCPCluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified GCPCluster + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPCluster`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified GCPCluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPCluster`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified GCPCluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPCluster`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPCluster`] schema +| 201 - Created +| xref:../cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPCluster`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpclusters/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the GCPCluster +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified GCPCluster + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPCluster`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified GCPCluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPCluster`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified GCPCluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPCluster`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPCluster`] schema +| 201 - Created +| xref:../cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPCluster`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/cluster_apis/gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..f03dedb5d1 --- /dev/null +++ b/rest_api/cluster_apis/gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,772 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1"] += GCPClusterTemplate [infrastructure.cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +GCPClusterTemplate is the Schema for the gcpclustertemplates API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| GCPClusterTemplateSpec defines the desired state of GCPClusterTemplate. + +|=== +=== .spec +Description:: ++ +-- +GCPClusterTemplateSpec defines the desired state of GCPClusterTemplate. +-- + +Type:: + `object` + +Required:: + - `template` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `template` +| `object` +| GCPClusterTemplateResource contains spec for GCPClusterSpec. + +|=== +=== .spec.template +Description:: ++ +-- +GCPClusterTemplateResource contains spec for GCPClusterSpec. +-- + +Type:: + `object` + +Required:: + - `spec` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `metadata` +| `object` +| Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| GCPClusterSpec defines the desired state of GCPCluster. + +|=== +=== .spec.template.metadata +Description:: ++ +-- +Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `annotations` +| `object (string)` +| Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations + +| `labels` +| `object (string)` +| Map of string keys and values that can be used to organize and categorize +(scope and select) objects. May match selectors of replication controllers +and services. +More info: http://kubernetes.io/docs/user-guide/labels + +|=== +=== .spec.template.spec +Description:: ++ +-- +GCPClusterSpec defines the desired state of GCPCluster. +-- + +Type:: + `object` + +Required:: + - `project` + - `region` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `additionalLabels` +| `object (string)` +| AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the +ones added by default. + +| `controlPlaneEndpoint` +| `object` +| ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. + +| `credentialsRef` +| `object` +| CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not +supplied then the credentials of the controller will be used. + +| `failureDomains` +| `array (string)` +| FailureDomains is an optional field which is used to assign selected availability zones to a cluster +FailureDomains if empty, defaults to all the zones in the selected region and if specified would override +the default zones. + +| `loadBalancer` +| `object` +| LoadBalancer contains configuration for one or more LoadBalancers. + +| `network` +| `object` +| NetworkSpec encapsulates all things related to GCP network. + +| `project` +| `string` +| Project is the name of the project to deploy the cluster to. + +| `region` +| `string` +| The GCP Region the cluster lives in. + +| `resourceManagerTags` +| `array` +| ResourceManagerTags is an optional set of tags to apply to GCP resources managed +by the GCP provider. GCP supports a maximum of 50 tags per resource. + +| `resourceManagerTags[]` +| `object` +| ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider. + +|=== +=== .spec.template.spec.controlPlaneEndpoint +Description:: ++ +-- +ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. +-- + +Type:: + `object` + +Required:: + - `host` + - `port` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `host` +| `string` +| The hostname on which the API server is serving. + +| `port` +| `integer` +| The port on which the API server is serving. + +|=== +=== .spec.template.spec.credentialsRef +Description:: ++ +-- +CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not +supplied then the credentials of the controller will be used. +-- + +Type:: + `object` + +Required:: + - `name` + - `namespace` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +|=== +=== .spec.template.spec.loadBalancer +Description:: ++ +-- +LoadBalancer contains configuration for one or more LoadBalancers. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiServerInstanceGroupTagOverride` +| `string` +| APIServerInstanceGroupTagOverride overrides the default setting for the +tag used when creating the API Server Instance Group. + +| `internalLoadBalancer` +| `object` +| InternalLoadBalancer is the configuration for an Internal Passthrough Network Load Balancer. + +| `loadBalancerType` +| `string` +| LoadBalancerType defines the type of Load Balancer that should be created. +If not set, a Global External Proxy Load Balancer will be created by default. + +|=== +=== .spec.template.spec.loadBalancer.internalLoadBalancer +Description:: ++ +-- +InternalLoadBalancer is the configuration for an Internal Passthrough Network Load Balancer. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name is the name of the Load Balancer. If not set a default name +will be used. For an Internal Load Balancer service the default +name is "api-internal". + +| `subnet` +| `string` +| Subnet is the name of the subnet to use for a regional Load Balancer. A subnet is +required for the Load Balancer, if not defined the first configured subnet will be +used. + +|=== +=== .spec.template.spec.network +Description:: ++ +-- +NetworkSpec encapsulates all things related to GCP network. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `autoCreateSubnetworks` +| `boolean` +| AutoCreateSubnetworks: When set to true, the VPC network is created +in "auto" mode. When set to false, the VPC network is created in +"custom" mode. + + +An auto mode VPC network starts with one subnet per region. Each +subnet has a predetermined range as described in Auto mode VPC +network IP ranges. + + +Defaults to true. + +| `hostProject` +| `string` +| HostProject is the name of the project hosting the shared VPC network resources. + +| `loadBalancerBackendPort` +| `integer` +| Allow for configuration of load balancer backend (useful for changing apiserver port) + +| `name` +| `string` +| Name is the name of the network to be used. + +| `subnets` +| `array` +| Subnets configuration. + +| `subnets[]` +| `object` +| SubnetSpec configures an GCP Subnet. + +|=== +=== .spec.template.spec.network.subnets +Description:: ++ +-- +Subnets configuration. +-- + +Type:: + `array` + + + + +=== .spec.template.spec.network.subnets[] +Description:: ++ +-- +SubnetSpec configures an GCP Subnet. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `cidrBlock` +| `string` +| CidrBlock is the range of internal addresses that are owned by this +subnetwork. Provide this property when you create the subnetwork. For +example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and +non-overlapping within a network. Only IPv4 is supported. This field +can be set only at resource creation time. + +| `description` +| `string` +| Description is an optional description associated with the resource. + +| `enableFlowLogs` +| `boolean` +| EnableFlowLogs: Whether to enable flow logging for this subnetwork. +If this field is not explicitly set, it will not appear in get +listings. If not set the default behavior is to disable flow logging. + +| `name` +| `string` +| Name defines a unique identifier to reference this resource. + +| `privateGoogleAccess` +| `boolean` +| PrivateGoogleAccess defines whether VMs in this subnet can access +Google services without assigning external IP addresses + +| `purpose` +| `string` +| Purpose: The purpose of the resource. +If unspecified, the purpose defaults to PRIVATE_RFC_1918. +The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER. + + +Possible values: + "INTERNAL_HTTPS_LOAD_BALANCER" - Subnet reserved for Internal +HTTP(S) Load Balancing. + "PRIVATE" - Regular user created or automatically created subnet. + "PRIVATE_RFC_1918" - Regular user created or automatically created +subnet. + "PRIVATE_SERVICE_CONNECT" - Subnetworks created for Private Service +Connect in the producer network. + "REGIONAL_MANAGED_PROXY" - Subnetwork used for Regional +Internal/External HTTP(S) Load Balancing. + +| `region` +| `string` +| Region is the name of the region where the Subnetwork resides. + +| `secondaryCidrBlocks` +| `object (string)` +| SecondaryCidrBlocks defines secondary CIDR ranges, +from which secondary IP ranges of a VM may be allocated + +|=== +=== .spec.template.spec.resourceManagerTags +Description:: ++ +-- +ResourceManagerTags is an optional set of tags to apply to GCP resources managed +by the GCP provider. GCP supports a maximum of 50 tags per resource. +-- + +Type:: + `array` + + + + +=== .spec.template.spec.resourceManagerTags[] +Description:: ++ +-- +ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider. +-- + +Type:: + `object` + +Required:: + - `key` + - `parentID` + - `value` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| Key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot +be empty. Tag key must begin and end with an alphanumeric character, and must contain +only uppercase, lowercase alphanumeric characters, and the following special +characters `._-`. + +| `parentID` +| `string` +| ParentID is the ID of the hierarchical resource where the tags are defined +e.g. at the Organization or the Project level. To find the Organization or Project ID ref +https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id +https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects +An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. +A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, +numbers, and hyphens, and must start with a letter, and cannot end with a hyphen. + +| `value` +| `string` +| Value is the value part of the tag. A tag value can have a maximum of 63 characters and +cannot be empty. Tag value must begin and end with an alphanumeric character, and must +contain only uppercase, lowercase alphanumeric characters, and the following special +characters `_-.@%=+:,*#&(){}[]` and spaces. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpclustertemplates` +- `GET`: list objects of kind GCPClusterTemplate +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpclustertemplates` +- `DELETE`: delete collection of GCPClusterTemplate +- `GET`: list objects of kind GCPClusterTemplate +- `POST`: create a GCPClusterTemplate +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpclustertemplates/{name}` +- `DELETE`: delete a GCPClusterTemplate +- `GET`: read the specified GCPClusterTemplate +- `PATCH`: partially update the specified GCPClusterTemplate +- `PUT`: replace the specified GCPClusterTemplate + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpclustertemplates + + + +HTTP method:: + `GET` + +Description:: + list objects of kind GCPClusterTemplate + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.GCPClusterTemplateList[`GCPClusterTemplateList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpclustertemplates + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of GCPClusterTemplate + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind GCPClusterTemplate + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.GCPClusterTemplateList[`GCPClusterTemplateList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a GCPClusterTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPClusterTemplate`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPClusterTemplate`] schema +| 201 - Created +| xref:../cluster_apis/gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPClusterTemplate`] schema +| 202 - Accepted +| xref:../cluster_apis/gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPClusterTemplate`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpclustertemplates/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the GCPClusterTemplate +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a GCPClusterTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified GCPClusterTemplate + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPClusterTemplate`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified GCPClusterTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPClusterTemplate`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified GCPClusterTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPClusterTemplate`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPClusterTemplate`] schema +| 201 - Created +| xref:../cluster_apis/gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPClusterTemplate`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..b5fbbf9c8a --- /dev/null +++ b/rest_api/cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,1077 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1"] += GCPMachine [infrastructure.cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +GCPMachine is the Schema for the gcpmachines API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| GCPMachineSpec defines the desired state of GCPMachine. + +| `status` +| `object` +| GCPMachineStatus defines the observed state of GCPMachine. + +|=== +=== .spec +Description:: ++ +-- +GCPMachineSpec defines the desired state of GCPMachine. +-- + +Type:: + `object` + +Required:: + - `instanceType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `additionalDisks` +| `array` +| AdditionalDisks are optional non-boot attached disks. + +| `additionalDisks[]` +| `object` +| AttachedDiskSpec degined GCP machine disk. + +| `additionalLabels` +| `object (string)` +| AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the +GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the +GCPMachine's value takes precedence. + +| `additionalMetadata` +| `array` +| AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the +GCP provider. + +| `additionalMetadata[]` +| `object` +| MetadataItem defines a single piece of metadata associated with an instance. + +| `additionalNetworkTags` +| `array (string)` +| AdditionalNetworkTags is a list of network tags that should be applied to the +instance. These tags are set in addition to any network tags defined +at the cluster level or in the actuator. + +| `confidentialCompute` +| `string` +| ConfidentialCompute Defines whether the instance should have confidential compute enabled. +If enabled OnHostMaintenance is required to be set to "Terminate". +If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. + +| `image` +| `string` +| Image is the full reference to a valid image to be used for this machine. +Takes precedence over ImageFamily. + +| `imageFamily` +| `string` +| ImageFamily is the full reference to a valid image family to be used for this machine. + +| `instanceType` +| `string` +| InstanceType is the type of instance to create. Example: n1.standard-2 + +| `ipForwarding` +| `string` +| IPForwarding Allows this instance to send and receive packets with non-matching destination or source IPs. +This is required if you plan to use this instance to forward routes. Defaults to enabled. + +| `onHostMaintenance` +| `string` +| OnHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. +If omitted, the platform chooses a default, which is subject to change over time, currently that default is "Migrate". + +| `preemptible` +| `boolean` +| Preemptible defines if instance is preemptible + +| `providerID` +| `string` +| ProviderID is the unique identifier as specified by the cloud provider. + +| `publicIP` +| `boolean` +| PublicIP specifies whether the instance should get a public IP. +Set this to true if you don't have a NAT instances or Cloud Nat setup. + +| `resourceManagerTags` +| `array` +| ResourceManagerTags is an optional set of tags to apply to GCP resources managed +by the GCP provider. GCP supports a maximum of 50 tags per resource. + +| `resourceManagerTags[]` +| `object` +| ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider. + +| `rootDeviceSize` +| `integer` +| RootDeviceSize is the size of the root volume in GB. +Defaults to 30. + +| `rootDeviceType` +| `string` +| RootDeviceType is the type of the root volume. +Supported types of root volumes: +1. "pd-standard" - Standard (HDD) persistent disk +2. "pd-ssd" - SSD persistent disk +Default is "pd-standard". + +| `rootDiskEncryptionKey` +| `object` +| RootDiskEncryptionKey defines the KMS key to be used to encrypt the root disk. + +| `serviceAccounts` +| `object` +| ServiceAccount specifies the service account email and which scopes to assign to the machine. +Defaults to: email: "default", scope: []{compute.CloudPlatformScope} + +| `shieldedInstanceConfig` +| `object` +| ShieldedInstanceConfig is the Shielded VM configuration for this machine + +| `subnet` +| `string` +| Subnet is a reference to the subnetwork to use for this instance. If not specified, +the first subnetwork retrieved from the Cluster Region and Network is picked. + +|=== +=== .spec.additionalDisks +Description:: ++ +-- +AdditionalDisks are optional non-boot attached disks. +-- + +Type:: + `array` + + + + +=== .spec.additionalDisks[] +Description:: ++ +-- +AttachedDiskSpec degined GCP machine disk. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `deviceType` +| `string` +| DeviceType is a device type of the attached disk. +Supported types of non-root attached volumes: +1. "pd-standard" - Standard (HDD) persistent disk +2. "pd-ssd" - SSD persistent disk +3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). +Default is "pd-standard". + +| `encryptionKey` +| `object` +| EncryptionKey defines the KMS key to be used to encrypt the disk. + +| `size` +| `integer` +| Size is the size of the disk in GBs. +Defaults to 30GB. For "local-ssd" size is always 375GB. + +|=== +=== .spec.additionalDisks[].encryptionKey +Description:: ++ +-- +EncryptionKey defines the KMS key to be used to encrypt the disk. +-- + +Type:: + `object` + +Required:: + - `keyType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `keyType` +| `string` +| KeyType is the type of encryption key. Must be either Managed, aka Customer-Managed Encryption Key (CMEK) or +Supplied, aka Customer-Supplied EncryptionKey (CSEK). + +| `kmsKeyServiceAccount` +| `string` +| KMSKeyServiceAccount is the service account being used for the encryption request for the given KMS key. +If absent, the Compute Engine default service account is used. For example: +"kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com. +The maximum length is based on the Service Account ID (max 30), Project (max 30), and a valid gcloud email +suffix ("iam.gserviceaccount.com"). + +| `managedKey` +| `object` +| ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed. + +| `suppliedKey` +| `object` +| SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed. + +|=== +=== .spec.additionalDisks[].encryptionKey.managedKey +Description:: ++ +-- +ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `kmsKeyName` +| `string` +| KMSKeyName is the name of the encryption key that is stored in Google Cloud KMS. For example: +"kmsKeyName": "projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key + +|=== +=== .spec.additionalDisks[].encryptionKey.suppliedKey +Description:: ++ +-- +SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `rawKey` +| `string` +| RawKey specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 +base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. +For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" + +| `rsaEncryptedKey` +| `string` +| RSAEncryptedKey specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption +key to either encrypt or decrypt this resource. You can provide either the rawKey or the +rsaEncryptedKey. +For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi +z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi +D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" +The key must meet the following requirements before you can provide it to Compute Engine: +1. The key is wrapped using a RSA public key certificate provided by Google. +2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. +Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem + +|=== +=== .spec.additionalMetadata +Description:: ++ +-- +AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the +GCP provider. +-- + +Type:: + `array` + + + + +=== .spec.additionalMetadata[] +Description:: ++ +-- +MetadataItem defines a single piece of metadata associated with an instance. +-- + +Type:: + `object` + +Required:: + - `key` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| Key is the identifier for the metadata entry. + +| `value` +| `string` +| Value is the value of the metadata entry. + +|=== +=== .spec.resourceManagerTags +Description:: ++ +-- +ResourceManagerTags is an optional set of tags to apply to GCP resources managed +by the GCP provider. GCP supports a maximum of 50 tags per resource. +-- + +Type:: + `array` + + + + +=== .spec.resourceManagerTags[] +Description:: ++ +-- +ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider. +-- + +Type:: + `object` + +Required:: + - `key` + - `parentID` + - `value` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| Key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot +be empty. Tag key must begin and end with an alphanumeric character, and must contain +only uppercase, lowercase alphanumeric characters, and the following special +characters `._-`. + +| `parentID` +| `string` +| ParentID is the ID of the hierarchical resource where the tags are defined +e.g. at the Organization or the Project level. To find the Organization or Project ID ref +https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id +https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects +An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. +A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, +numbers, and hyphens, and must start with a letter, and cannot end with a hyphen. + +| `value` +| `string` +| Value is the value part of the tag. A tag value can have a maximum of 63 characters and +cannot be empty. Tag value must begin and end with an alphanumeric character, and must +contain only uppercase, lowercase alphanumeric characters, and the following special +characters `_-.@%=+:,*#&(){}[]` and spaces. + +|=== +=== .spec.rootDiskEncryptionKey +Description:: ++ +-- +RootDiskEncryptionKey defines the KMS key to be used to encrypt the root disk. +-- + +Type:: + `object` + +Required:: + - `keyType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `keyType` +| `string` +| KeyType is the type of encryption key. Must be either Managed, aka Customer-Managed Encryption Key (CMEK) or +Supplied, aka Customer-Supplied EncryptionKey (CSEK). + +| `kmsKeyServiceAccount` +| `string` +| KMSKeyServiceAccount is the service account being used for the encryption request for the given KMS key. +If absent, the Compute Engine default service account is used. For example: +"kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com. +The maximum length is based on the Service Account ID (max 30), Project (max 30), and a valid gcloud email +suffix ("iam.gserviceaccount.com"). + +| `managedKey` +| `object` +| ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed. + +| `suppliedKey` +| `object` +| SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed. + +|=== +=== .spec.rootDiskEncryptionKey.managedKey +Description:: ++ +-- +ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `kmsKeyName` +| `string` +| KMSKeyName is the name of the encryption key that is stored in Google Cloud KMS. For example: +"kmsKeyName": "projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key + +|=== +=== .spec.rootDiskEncryptionKey.suppliedKey +Description:: ++ +-- +SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `rawKey` +| `string` +| RawKey specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 +base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. +For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" + +| `rsaEncryptedKey` +| `string` +| RSAEncryptedKey specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption +key to either encrypt or decrypt this resource. You can provide either the rawKey or the +rsaEncryptedKey. +For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi +z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi +D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" +The key must meet the following requirements before you can provide it to Compute Engine: +1. The key is wrapped using a RSA public key certificate provided by Google. +2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. +Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem + +|=== +=== .spec.serviceAccounts +Description:: ++ +-- +ServiceAccount specifies the service account email and which scopes to assign to the machine. +Defaults to: email: "default", scope: []{compute.CloudPlatformScope} +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `email` +| `string` +| Email: Email address of the service account. + +| `scopes` +| `array (string)` +| Scopes: The list of scopes to be made available for this service +account. + +|=== +=== .spec.shieldedInstanceConfig +Description:: ++ +-- +ShieldedInstanceConfig is the Shielded VM configuration for this machine +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `integrityMonitoring` +| `string` +| IntegrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. +Compares the most recent boot measurements to the integrity policy baseline and return +a pair of pass/fail results depending on whether they match or not. +If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled. + +| `secureBoot` +| `string` +| SecureBoot Defines whether the instance should have secure boot enabled. +Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. +If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled. + +| `virtualizedTrustedPlatformModule` +| `string` +| VirtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. +The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. +If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled. + +|=== +=== .status +Description:: ++ +-- +GCPMachineStatus defines the observed state of GCPMachine. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `addresses` +| `array` +| Addresses contains the GCP instance associated addresses. + +| `addresses[]` +| `object` +| NodeAddress contains information for the node's address. + +| `failureMessage` +| `string` +| FailureMessage will be set in the event that there is a terminal problem +reconciling the Machine and will contain a more verbose string suitable +for logging and human consumption. + + +This field should not be set for transitive errors that a controller +faces that are expected to be fixed automatically over +time (like service outages), but instead indicate that something is +fundamentally wrong with the Machine's spec or the configuration of +the controller, and that manual intervention is required. Examples +of terminal errors would be invalid combinations of settings in the +spec, values that are unsupported by the controller, or the +responsible controller itself being critically misconfigured. + + +Any transient errors that occur during the reconciliation of Machines +can be added as events to the Machine object and/or logged in the +controller's output. + +| `failureReason` +| `string` +| FailureReason will be set in the event that there is a terminal problem +reconciling the Machine and will contain a succinct value suitable +for machine interpretation. + + +This field should not be set for transitive errors that a controller +faces that are expected to be fixed automatically over +time (like service outages), but instead indicate that something is +fundamentally wrong with the Machine's spec or the configuration of +the controller, and that manual intervention is required. Examples +of terminal errors would be invalid combinations of settings in the +spec, values that are unsupported by the controller, or the +responsible controller itself being critically misconfigured. + + +Any transient errors that occur during the reconciliation of Machines +can be added as events to the Machine object and/or logged in the +controller's output. + +| `instanceState` +| `string` +| InstanceStatus is the status of the GCP instance for this machine. + +| `ready` +| `boolean` +| Ready is true when the provider resource is ready. + +|=== +=== .status.addresses +Description:: ++ +-- +Addresses contains the GCP instance associated addresses. +-- + +Type:: + `array` + + + + +=== .status.addresses[] +Description:: ++ +-- +NodeAddress contains information for the node's address. +-- + +Type:: + `object` + +Required:: + - `address` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `address` +| `string` +| The node address. + +| `type` +| `string` +| Node address type, one of Hostname, ExternalIP or InternalIP. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpmachines` +- `GET`: list objects of kind GCPMachine +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmachines` +- `DELETE`: delete collection of GCPMachine +- `GET`: list objects of kind GCPMachine +- `POST`: create a GCPMachine +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmachines/{name}` +- `DELETE`: delete a GCPMachine +- `GET`: read the specified GCPMachine +- `PATCH`: partially update the specified GCPMachine +- `PUT`: replace the specified GCPMachine +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmachines/{name}/status` +- `GET`: read status of the specified GCPMachine +- `PATCH`: partially update status of the specified GCPMachine +- `PUT`: replace status of the specified GCPMachine + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpmachines + + + +HTTP method:: + `GET` + +Description:: + list objects of kind GCPMachine + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.GCPMachineList[`GCPMachineList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmachines + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of GCPMachine + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind GCPMachine + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.GCPMachineList[`GCPMachineList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a GCPMachine + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachine`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachine`] schema +| 201 - Created +| xref:../cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachine`] schema +| 202 - Accepted +| xref:../cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachine`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmachines/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the GCPMachine +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a GCPMachine + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified GCPMachine + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachine`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified GCPMachine + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachine`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified GCPMachine + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachine`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachine`] schema +| 201 - Created +| xref:../cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachine`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmachines/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the GCPMachine +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified GCPMachine + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachine`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified GCPMachine + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachine`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified GCPMachine + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachine`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachine`] schema +| 201 - Created +| xref:../cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachine`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/cluster_apis/gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..a22302159b --- /dev/null +++ b/rest_api/cluster_apis/gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,935 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1"] += GCPMachineTemplate [infrastructure.cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +GCPMachineTemplate is the Schema for the gcpmachinetemplates API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| GCPMachineTemplateSpec defines the desired state of GCPMachineTemplate. + +|=== +=== .spec +Description:: ++ +-- +GCPMachineTemplateSpec defines the desired state of GCPMachineTemplate. +-- + +Type:: + `object` + +Required:: + - `template` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `template` +| `object` +| GCPMachineTemplateResource describes the data needed to create am GCPMachine from a template. + +|=== +=== .spec.template +Description:: ++ +-- +GCPMachineTemplateResource describes the data needed to create am GCPMachine from a template. +-- + +Type:: + `object` + +Required:: + - `spec` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `metadata` +| `object` +| Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| Spec is the specification of the desired behavior of the machine. + +|=== +=== .spec.template.metadata +Description:: ++ +-- +Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `annotations` +| `object (string)` +| Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations + +| `labels` +| `object (string)` +| Map of string keys and values that can be used to organize and categorize +(scope and select) objects. May match selectors of replication controllers +and services. +More info: http://kubernetes.io/docs/user-guide/labels + +|=== +=== .spec.template.spec +Description:: ++ +-- +Spec is the specification of the desired behavior of the machine. +-- + +Type:: + `object` + +Required:: + - `instanceType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `additionalDisks` +| `array` +| AdditionalDisks are optional non-boot attached disks. + +| `additionalDisks[]` +| `object` +| AttachedDiskSpec degined GCP machine disk. + +| `additionalLabels` +| `object (string)` +| AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the +GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the +GCPMachine's value takes precedence. + +| `additionalMetadata` +| `array` +| AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the +GCP provider. + +| `additionalMetadata[]` +| `object` +| MetadataItem defines a single piece of metadata associated with an instance. + +| `additionalNetworkTags` +| `array (string)` +| AdditionalNetworkTags is a list of network tags that should be applied to the +instance. These tags are set in addition to any network tags defined +at the cluster level or in the actuator. + +| `confidentialCompute` +| `string` +| ConfidentialCompute Defines whether the instance should have confidential compute enabled. +If enabled OnHostMaintenance is required to be set to "Terminate". +If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. + +| `image` +| `string` +| Image is the full reference to a valid image to be used for this machine. +Takes precedence over ImageFamily. + +| `imageFamily` +| `string` +| ImageFamily is the full reference to a valid image family to be used for this machine. + +| `instanceType` +| `string` +| InstanceType is the type of instance to create. Example: n1.standard-2 + +| `ipForwarding` +| `string` +| IPForwarding Allows this instance to send and receive packets with non-matching destination or source IPs. +This is required if you plan to use this instance to forward routes. Defaults to enabled. + +| `onHostMaintenance` +| `string` +| OnHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. +If omitted, the platform chooses a default, which is subject to change over time, currently that default is "Migrate". + +| `preemptible` +| `boolean` +| Preemptible defines if instance is preemptible + +| `providerID` +| `string` +| ProviderID is the unique identifier as specified by the cloud provider. + +| `publicIP` +| `boolean` +| PublicIP specifies whether the instance should get a public IP. +Set this to true if you don't have a NAT instances or Cloud Nat setup. + +| `resourceManagerTags` +| `array` +| ResourceManagerTags is an optional set of tags to apply to GCP resources managed +by the GCP provider. GCP supports a maximum of 50 tags per resource. + +| `resourceManagerTags[]` +| `object` +| ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider. + +| `rootDeviceSize` +| `integer` +| RootDeviceSize is the size of the root volume in GB. +Defaults to 30. + +| `rootDeviceType` +| `string` +| RootDeviceType is the type of the root volume. +Supported types of root volumes: +1. "pd-standard" - Standard (HDD) persistent disk +2. "pd-ssd" - SSD persistent disk +Default is "pd-standard". + +| `rootDiskEncryptionKey` +| `object` +| RootDiskEncryptionKey defines the KMS key to be used to encrypt the root disk. + +| `serviceAccounts` +| `object` +| ServiceAccount specifies the service account email and which scopes to assign to the machine. +Defaults to: email: "default", scope: []{compute.CloudPlatformScope} + +| `shieldedInstanceConfig` +| `object` +| ShieldedInstanceConfig is the Shielded VM configuration for this machine + +| `subnet` +| `string` +| Subnet is a reference to the subnetwork to use for this instance. If not specified, +the first subnetwork retrieved from the Cluster Region and Network is picked. + +|=== +=== .spec.template.spec.additionalDisks +Description:: ++ +-- +AdditionalDisks are optional non-boot attached disks. +-- + +Type:: + `array` + + + + +=== .spec.template.spec.additionalDisks[] +Description:: ++ +-- +AttachedDiskSpec degined GCP machine disk. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `deviceType` +| `string` +| DeviceType is a device type of the attached disk. +Supported types of non-root attached volumes: +1. "pd-standard" - Standard (HDD) persistent disk +2. "pd-ssd" - SSD persistent disk +3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). +Default is "pd-standard". + +| `encryptionKey` +| `object` +| EncryptionKey defines the KMS key to be used to encrypt the disk. + +| `size` +| `integer` +| Size is the size of the disk in GBs. +Defaults to 30GB. For "local-ssd" size is always 375GB. + +|=== +=== .spec.template.spec.additionalDisks[].encryptionKey +Description:: ++ +-- +EncryptionKey defines the KMS key to be used to encrypt the disk. +-- + +Type:: + `object` + +Required:: + - `keyType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `keyType` +| `string` +| KeyType is the type of encryption key. Must be either Managed, aka Customer-Managed Encryption Key (CMEK) or +Supplied, aka Customer-Supplied EncryptionKey (CSEK). + +| `kmsKeyServiceAccount` +| `string` +| KMSKeyServiceAccount is the service account being used for the encryption request for the given KMS key. +If absent, the Compute Engine default service account is used. For example: +"kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com. +The maximum length is based on the Service Account ID (max 30), Project (max 30), and a valid gcloud email +suffix ("iam.gserviceaccount.com"). + +| `managedKey` +| `object` +| ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed. + +| `suppliedKey` +| `object` +| SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed. + +|=== +=== .spec.template.spec.additionalDisks[].encryptionKey.managedKey +Description:: ++ +-- +ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `kmsKeyName` +| `string` +| KMSKeyName is the name of the encryption key that is stored in Google Cloud KMS. For example: +"kmsKeyName": "projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key + +|=== +=== .spec.template.spec.additionalDisks[].encryptionKey.suppliedKey +Description:: ++ +-- +SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `rawKey` +| `string` +| RawKey specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 +base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. +For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" + +| `rsaEncryptedKey` +| `string` +| RSAEncryptedKey specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption +key to either encrypt or decrypt this resource. You can provide either the rawKey or the +rsaEncryptedKey. +For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi +z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi +D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" +The key must meet the following requirements before you can provide it to Compute Engine: +1. The key is wrapped using a RSA public key certificate provided by Google. +2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. +Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem + +|=== +=== .spec.template.spec.additionalMetadata +Description:: ++ +-- +AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the +GCP provider. +-- + +Type:: + `array` + + + + +=== .spec.template.spec.additionalMetadata[] +Description:: ++ +-- +MetadataItem defines a single piece of metadata associated with an instance. +-- + +Type:: + `object` + +Required:: + - `key` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| Key is the identifier for the metadata entry. + +| `value` +| `string` +| Value is the value of the metadata entry. + +|=== +=== .spec.template.spec.resourceManagerTags +Description:: ++ +-- +ResourceManagerTags is an optional set of tags to apply to GCP resources managed +by the GCP provider. GCP supports a maximum of 50 tags per resource. +-- + +Type:: + `array` + + + + +=== .spec.template.spec.resourceManagerTags[] +Description:: ++ +-- +ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider. +-- + +Type:: + `object` + +Required:: + - `key` + - `parentID` + - `value` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| Key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot +be empty. Tag key must begin and end with an alphanumeric character, and must contain +only uppercase, lowercase alphanumeric characters, and the following special +characters `._-`. + +| `parentID` +| `string` +| ParentID is the ID of the hierarchical resource where the tags are defined +e.g. at the Organization or the Project level. To find the Organization or Project ID ref +https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id +https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects +An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. +A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, +numbers, and hyphens, and must start with a letter, and cannot end with a hyphen. + +| `value` +| `string` +| Value is the value part of the tag. A tag value can have a maximum of 63 characters and +cannot be empty. Tag value must begin and end with an alphanumeric character, and must +contain only uppercase, lowercase alphanumeric characters, and the following special +characters `_-.@%=+:,*#&(){}[]` and spaces. + +|=== +=== .spec.template.spec.rootDiskEncryptionKey +Description:: ++ +-- +RootDiskEncryptionKey defines the KMS key to be used to encrypt the root disk. +-- + +Type:: + `object` + +Required:: + - `keyType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `keyType` +| `string` +| KeyType is the type of encryption key. Must be either Managed, aka Customer-Managed Encryption Key (CMEK) or +Supplied, aka Customer-Supplied EncryptionKey (CSEK). + +| `kmsKeyServiceAccount` +| `string` +| KMSKeyServiceAccount is the service account being used for the encryption request for the given KMS key. +If absent, the Compute Engine default service account is used. For example: +"kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com. +The maximum length is based on the Service Account ID (max 30), Project (max 30), and a valid gcloud email +suffix ("iam.gserviceaccount.com"). + +| `managedKey` +| `object` +| ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed. + +| `suppliedKey` +| `object` +| SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed. + +|=== +=== .spec.template.spec.rootDiskEncryptionKey.managedKey +Description:: ++ +-- +ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `kmsKeyName` +| `string` +| KMSKeyName is the name of the encryption key that is stored in Google Cloud KMS. For example: +"kmsKeyName": "projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key + +|=== +=== .spec.template.spec.rootDiskEncryptionKey.suppliedKey +Description:: ++ +-- +SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `rawKey` +| `string` +| RawKey specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 +base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. +For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" + +| `rsaEncryptedKey` +| `string` +| RSAEncryptedKey specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption +key to either encrypt or decrypt this resource. You can provide either the rawKey or the +rsaEncryptedKey. +For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi +z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi +D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" +The key must meet the following requirements before you can provide it to Compute Engine: +1. The key is wrapped using a RSA public key certificate provided by Google. +2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. +Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem + +|=== +=== .spec.template.spec.serviceAccounts +Description:: ++ +-- +ServiceAccount specifies the service account email and which scopes to assign to the machine. +Defaults to: email: "default", scope: []{compute.CloudPlatformScope} +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `email` +| `string` +| Email: Email address of the service account. + +| `scopes` +| `array (string)` +| Scopes: The list of scopes to be made available for this service +account. + +|=== +=== .spec.template.spec.shieldedInstanceConfig +Description:: ++ +-- +ShieldedInstanceConfig is the Shielded VM configuration for this machine +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `integrityMonitoring` +| `string` +| IntegrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. +Compares the most recent boot measurements to the integrity policy baseline and return +a pair of pass/fail results depending on whether they match or not. +If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled. + +| `secureBoot` +| `string` +| SecureBoot Defines whether the instance should have secure boot enabled. +Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. +If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled. + +| `virtualizedTrustedPlatformModule` +| `string` +| VirtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. +The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. +If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpmachinetemplates` +- `GET`: list objects of kind GCPMachineTemplate +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmachinetemplates` +- `DELETE`: delete collection of GCPMachineTemplate +- `GET`: list objects of kind GCPMachineTemplate +- `POST`: create a GCPMachineTemplate +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmachinetemplates/{name}` +- `DELETE`: delete a GCPMachineTemplate +- `GET`: read the specified GCPMachineTemplate +- `PATCH`: partially update the specified GCPMachineTemplate +- `PUT`: replace the specified GCPMachineTemplate + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpmachinetemplates + + + +HTTP method:: + `GET` + +Description:: + list objects of kind GCPMachineTemplate + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.GCPMachineTemplateList[`GCPMachineTemplateList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmachinetemplates + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of GCPMachineTemplate + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind GCPMachineTemplate + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.GCPMachineTemplateList[`GCPMachineTemplateList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a GCPMachineTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachineTemplate`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachineTemplate`] schema +| 201 - Created +| xref:../cluster_apis/gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachineTemplate`] schema +| 202 - Accepted +| xref:../cluster_apis/gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachineTemplate`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmachinetemplates/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the GCPMachineTemplate +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a GCPMachineTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified GCPMachineTemplate + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachineTemplate`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified GCPMachineTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachineTemplate`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified GCPMachineTemplate + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachineTemplate`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachineTemplate`] schema +| 201 - Created +| xref:../cluster_apis/gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1[`GCPMachineTemplate`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..bee1dc734d --- /dev/null +++ b/rest_api/cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,1024 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1"] += GCPManagedCluster [infrastructure.cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +GCPManagedCluster is the Schema for the gcpmanagedclusters API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| GCPManagedClusterSpec defines the desired state of GCPManagedCluster. + +| `status` +| `object` +| GCPManagedClusterStatus defines the observed state of GCPManagedCluster. + +|=== +=== .spec +Description:: ++ +-- +GCPManagedClusterSpec defines the desired state of GCPManagedCluster. +-- + +Type:: + `object` + +Required:: + - `project` + - `region` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `additionalLabels` +| `object (string)` +| AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the +ones added by default. + +| `controlPlaneEndpoint` +| `object` +| ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. + +| `credentialsRef` +| `object` +| CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not +supplied then the credentials of the controller will be used. + +| `loadBalancer` +| `object` +| LoadBalancerSpec contains configuration for one or more LoadBalancers. + +| `network` +| `object` +| NetworkSpec encapsulates all things related to the GCP network. + +| `project` +| `string` +| Project is the name of the project to deploy the cluster to. + +| `region` +| `string` +| The GCP Region the cluster lives in. + +| `resourceManagerTags` +| `array` +| ResourceManagerTags is an optional set of tags to apply to GCP resources managed +by the GCP provider. GCP supports a maximum of 50 tags per resource. + +| `resourceManagerTags[]` +| `object` +| ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider. + +|=== +=== .spec.controlPlaneEndpoint +Description:: ++ +-- +ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. +-- + +Type:: + `object` + +Required:: + - `host` + - `port` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `host` +| `string` +| The hostname on which the API server is serving. + +| `port` +| `integer` +| The port on which the API server is serving. + +|=== +=== .spec.credentialsRef +Description:: ++ +-- +CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not +supplied then the credentials of the controller will be used. +-- + +Type:: + `object` + +Required:: + - `name` + - `namespace` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +|=== +=== .spec.loadBalancer +Description:: ++ +-- +LoadBalancerSpec contains configuration for one or more LoadBalancers. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiServerInstanceGroupTagOverride` +| `string` +| APIServerInstanceGroupTagOverride overrides the default setting for the +tag used when creating the API Server Instance Group. + +| `internalLoadBalancer` +| `object` +| InternalLoadBalancer is the configuration for an Internal Passthrough Network Load Balancer. + +| `loadBalancerType` +| `string` +| LoadBalancerType defines the type of Load Balancer that should be created. +If not set, a Global External Proxy Load Balancer will be created by default. + +|=== +=== .spec.loadBalancer.internalLoadBalancer +Description:: ++ +-- +InternalLoadBalancer is the configuration for an Internal Passthrough Network Load Balancer. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Name is the name of the Load Balancer. If not set a default name +will be used. For an Internal Load Balancer service the default +name is "api-internal". + +| `subnet` +| `string` +| Subnet is the name of the subnet to use for a regional Load Balancer. A subnet is +required for the Load Balancer, if not defined the first configured subnet will be +used. + +|=== +=== .spec.network +Description:: ++ +-- +NetworkSpec encapsulates all things related to the GCP network. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `autoCreateSubnetworks` +| `boolean` +| AutoCreateSubnetworks: When set to true, the VPC network is created +in "auto" mode. When set to false, the VPC network is created in +"custom" mode. + + +An auto mode VPC network starts with one subnet per region. Each +subnet has a predetermined range as described in Auto mode VPC +network IP ranges. + + +Defaults to true. + +| `hostProject` +| `string` +| HostProject is the name of the project hosting the shared VPC network resources. + +| `loadBalancerBackendPort` +| `integer` +| Allow for configuration of load balancer backend (useful for changing apiserver port) + +| `name` +| `string` +| Name is the name of the network to be used. + +| `subnets` +| `array` +| Subnets configuration. + +| `subnets[]` +| `object` +| SubnetSpec configures an GCP Subnet. + +|=== +=== .spec.network.subnets +Description:: ++ +-- +Subnets configuration. +-- + +Type:: + `array` + + + + +=== .spec.network.subnets[] +Description:: ++ +-- +SubnetSpec configures an GCP Subnet. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `cidrBlock` +| `string` +| CidrBlock is the range of internal addresses that are owned by this +subnetwork. Provide this property when you create the subnetwork. For +example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and +non-overlapping within a network. Only IPv4 is supported. This field +can be set only at resource creation time. + +| `description` +| `string` +| Description is an optional description associated with the resource. + +| `enableFlowLogs` +| `boolean` +| EnableFlowLogs: Whether to enable flow logging for this subnetwork. +If this field is not explicitly set, it will not appear in get +listings. If not set the default behavior is to disable flow logging. + +| `name` +| `string` +| Name defines a unique identifier to reference this resource. + +| `privateGoogleAccess` +| `boolean` +| PrivateGoogleAccess defines whether VMs in this subnet can access +Google services without assigning external IP addresses + +| `purpose` +| `string` +| Purpose: The purpose of the resource. +If unspecified, the purpose defaults to PRIVATE_RFC_1918. +The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER. + + +Possible values: + "INTERNAL_HTTPS_LOAD_BALANCER" - Subnet reserved for Internal +HTTP(S) Load Balancing. + "PRIVATE" - Regular user created or automatically created subnet. + "PRIVATE_RFC_1918" - Regular user created or automatically created +subnet. + "PRIVATE_SERVICE_CONNECT" - Subnetworks created for Private Service +Connect in the producer network. + "REGIONAL_MANAGED_PROXY" - Subnetwork used for Regional +Internal/External HTTP(S) Load Balancing. + +| `region` +| `string` +| Region is the name of the region where the Subnetwork resides. + +| `secondaryCidrBlocks` +| `object (string)` +| SecondaryCidrBlocks defines secondary CIDR ranges, +from which secondary IP ranges of a VM may be allocated + +|=== +=== .spec.resourceManagerTags +Description:: ++ +-- +ResourceManagerTags is an optional set of tags to apply to GCP resources managed +by the GCP provider. GCP supports a maximum of 50 tags per resource. +-- + +Type:: + `array` + + + + +=== .spec.resourceManagerTags[] +Description:: ++ +-- +ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider. +-- + +Type:: + `object` + +Required:: + - `key` + - `parentID` + - `value` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| Key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot +be empty. Tag key must begin and end with an alphanumeric character, and must contain +only uppercase, lowercase alphanumeric characters, and the following special +characters `._-`. + +| `parentID` +| `string` +| ParentID is the ID of the hierarchical resource where the tags are defined +e.g. at the Organization or the Project level. To find the Organization or Project ID ref +https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id +https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects +An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. +A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, +numbers, and hyphens, and must start with a letter, and cannot end with a hyphen. + +| `value` +| `string` +| Value is the value part of the tag. A tag value can have a maximum of 63 characters and +cannot be empty. Tag value must begin and end with an alphanumeric character, and must +contain only uppercase, lowercase alphanumeric characters, and the following special +characters `_-.@%=+:,*#&(){}[]` and spaces. + +|=== +=== .status +Description:: ++ +-- +GCPManagedClusterStatus defines the observed state of GCPManagedCluster. +-- + +Type:: + `object` + +Required:: + - `ready` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| Conditions specifies the conditions for the managed control plane + +| `conditions[]` +| `object` +| Condition defines an observation of a Cluster API resource operational state. + +| `failureDomains` +| `object` +| FailureDomains is a slice of FailureDomains. + +| `failureDomains{}` +| `object` +| FailureDomainSpec is the Schema for Cluster API failure domains. +It allows controllers to understand how many failure domains a cluster can optionally span across. + +| `network` +| `object` +| Network encapsulates GCP networking resources. + +| `ready` +| `boolean` +| + +|=== +=== .status.conditions +Description:: ++ +-- +Conditions specifies the conditions for the managed control plane +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition defines an observation of a Cluster API resource operational state. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| Last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when +the API field changed is acceptable. + +| `message` +| `string` +| A human readable message indicating details about the transition. +This field may be empty. + +| `reason` +| `string` +| The reason for the condition's last transition in CamelCase. +The specific API may choose whether or not this field is considered a guaranteed API. +This field may not be empty. + +| `severity` +| `string` +| Severity provides an explicit classification of Reason code, so the users or machines can immediately +understand the current situation and act accordingly. +The Severity field MUST be set only when Status=False. + +| `status` +| `string` +| Status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| Type of condition in CamelCase or in foo.example.com/CamelCase. +Many .condition.type values are consistent across resources like Available, but because arbitrary conditions +can be useful (see .node.status.conditions), the ability to deconflict is important. + +|=== +=== .status.failureDomains +Description:: ++ +-- +FailureDomains is a slice of FailureDomains. +-- + +Type:: + `object` + + + + +=== .status.failureDomains{} +Description:: ++ +-- +FailureDomainSpec is the Schema for Cluster API failure domains. +It allows controllers to understand how many failure domains a cluster can optionally span across. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `attributes` +| `object (string)` +| Attributes is a free form map of attributes an infrastructure provider might use or require. + +| `controlPlane` +| `boolean` +| ControlPlane determines if this failure domain is suitable for use by control plane machines. + +|=== +=== .status.network +Description:: ++ +-- +Network encapsulates GCP networking resources. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiInternalBackendService` +| `string` +| APIInternalBackendService is the full reference to the backend service +created for the internal Load Balancer. + +| `apiInternalForwardingRule` +| `string` +| APIInternalForwardingRule is the full reference to the forwarding rule +created for the internal Load Balancer. + +| `apiInternalHealthCheck` +| `string` +| APIInternalHealthCheck is the full reference to the health check +created for the internal Load Balancer. + +| `apiInternalIpAddress` +| `string` +| APIInternalAddress is the IPV4 regional address assigned to the +internal Load Balancer. + +| `apiServerBackendService` +| `string` +| APIServerBackendService is the full reference to the backend service +created for the API Server. + +| `apiServerForwardingRule` +| `string` +| APIServerForwardingRule is the full reference to the forwarding rule +created for the API Server. + +| `apiServerHealthCheck` +| `string` +| APIServerHealthCheck is the full reference to the health check +created for the API Server. + +| `apiServerInstanceGroups` +| `object (string)` +| APIServerInstanceGroups is a map from zone to the full reference +to the instance groups created for the control plane nodes created in the same zone. + +| `apiServerIpAddress` +| `string` +| APIServerAddress is the IPV4 global address assigned to the load balancer +created for the API Server. + +| `apiServerTargetProxy` +| `string` +| APIServerTargetProxy is the full reference to the target proxy +created for the API Server. + +| `firewallRules` +| `object (string)` +| FirewallRules is a map from the name of the rule to its full reference. + +| `router` +| `string` +| Router is the full reference to the router created within the network +it'll contain the cloud nat gateway + +| `selfLink` +| `string` +| SelfLink is the link to the Network used for this cluster. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpmanagedclusters` +- `GET`: list objects of kind GCPManagedCluster +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedclusters` +- `DELETE`: delete collection of GCPManagedCluster +- `GET`: list objects of kind GCPManagedCluster +- `POST`: create a GCPManagedCluster +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedclusters/{name}` +- `DELETE`: delete a GCPManagedCluster +- `GET`: read the specified GCPManagedCluster +- `PATCH`: partially update the specified GCPManagedCluster +- `PUT`: replace the specified GCPManagedCluster +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedclusters/{name}/status` +- `GET`: read status of the specified GCPManagedCluster +- `PATCH`: partially update status of the specified GCPManagedCluster +- `PUT`: replace status of the specified GCPManagedCluster + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpmanagedclusters + + + +HTTP method:: + `GET` + +Description:: + list objects of kind GCPManagedCluster + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.GCPManagedClusterList[`GCPManagedClusterList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedclusters + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of GCPManagedCluster + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind GCPManagedCluster + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.GCPManagedClusterList[`GCPManagedClusterList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a GCPManagedCluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedCluster`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedCluster`] schema +| 201 - Created +| xref:../cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedCluster`] schema +| 202 - Accepted +| xref:../cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedCluster`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedclusters/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the GCPManagedCluster +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a GCPManagedCluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified GCPManagedCluster + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedCluster`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified GCPManagedCluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedCluster`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified GCPManagedCluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedCluster`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedCluster`] schema +| 201 - Created +| xref:../cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedCluster`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedclusters/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the GCPManagedCluster +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified GCPManagedCluster + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedCluster`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified GCPManagedCluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedCluster`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified GCPManagedCluster + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedCluster`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedCluster`] schema +| 201 - Created +| xref:../cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedCluster`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..6349b0d804 --- /dev/null +++ b/rest_api/cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,680 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1"] += GCPManagedControlPlane [infrastructure.cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +GCPManagedControlPlane is the Schema for the gcpmanagedcontrolplanes API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| GCPManagedControlPlaneSpec defines the desired state of GCPManagedControlPlane. + +| `status` +| `object` +| GCPManagedControlPlaneStatus defines the observed state of GCPManagedControlPlane. + +|=== +=== .spec +Description:: ++ +-- +GCPManagedControlPlaneSpec defines the desired state of GCPManagedControlPlane. +-- + +Type:: + `object` + +Required:: + - `location` + - `project` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `clusterName` +| `string` +| ClusterName allows you to specify the name of the GKE cluster. +If you don't specify a name then a default name will be created +based on the namespace and name of the managed control plane. + +| `controlPlaneVersion` +| `string` +| ControlPlaneVersion represents the control plane version of the GKE cluster. +If not specified, the default version currently supported by GKE will be +used. + +| `enableAutopilot` +| `boolean` +| EnableAutopilot indicates whether to enable autopilot for this GKE cluster. + +| `endpoint` +| `object` +| Endpoint represents the endpoint used to communicate with the control plane. + +| `location` +| `string` +| Location represents the location (region or zone) in which the GKE cluster +will be created. + +| `master_authorized_networks_config` +| `object` +| MasterAuthorizedNetworksConfig represents configuration options for master authorized networks feature of the GKE cluster. +This feature is disabled if this field is not specified. + +| `project` +| `string` +| Project is the name of the project to deploy the cluster to. + +| `releaseChannel` +| `string` +| ReleaseChannel represents the release channel of the GKE cluster. + +|=== +=== .spec.endpoint +Description:: ++ +-- +Endpoint represents the endpoint used to communicate with the control plane. +-- + +Type:: + `object` + +Required:: + - `host` + - `port` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `host` +| `string` +| The hostname on which the API server is serving. + +| `port` +| `integer` +| The port on which the API server is serving. + +|=== +=== .spec.master_authorized_networks_config +Description:: ++ +-- +MasterAuthorizedNetworksConfig represents configuration options for master authorized networks feature of the GKE cluster. +This feature is disabled if this field is not specified. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `cidr_blocks` +| `array` +| cidr_blocks define up to 50 external networks that could access +Kubernetes master through HTTPS. + +| `cidr_blocks[]` +| `object` +| MasterAuthorizedNetworksConfigCidrBlock contains an optional name and one CIDR block. + +| `gcp_public_cidrs_access_enabled` +| `boolean` +| Whether master is accessible via Google Compute Engine Public IP addresses. + +|=== +=== .spec.master_authorized_networks_config.cidr_blocks +Description:: ++ +-- +cidr_blocks define up to 50 external networks that could access +Kubernetes master through HTTPS. +-- + +Type:: + `array` + + + + +=== .spec.master_authorized_networks_config.cidr_blocks[] +Description:: ++ +-- +MasterAuthorizedNetworksConfigCidrBlock contains an optional name and one CIDR block. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `cidr_block` +| `string` +| cidr_block must be specified in CIDR notation. + +| `display_name` +| `string` +| display_name is an field for users to identify CIDR blocks. + +|=== +=== .status +Description:: ++ +-- +GCPManagedControlPlaneStatus defines the observed state of GCPManagedControlPlane. +-- + +Type:: + `object` + +Required:: + - `ready` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| Conditions specifies the conditions for the managed control plane + +| `conditions[]` +| `object` +| Condition defines an observation of a Cluster API resource operational state. + +| `currentVersion` +| `string` +| CurrentVersion shows the current version of the GKE control plane. + +| `initialized` +| `boolean` +| Initialized is true when the control plane is available for initial contact. +This may occur before the control plane is fully ready. + +| `ready` +| `boolean` +| Ready denotes that the GCPManagedControlPlane API Server is ready to +receive requests. + +|=== +=== .status.conditions +Description:: ++ +-- +Conditions specifies the conditions for the managed control plane +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition defines an observation of a Cluster API resource operational state. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| Last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when +the API field changed is acceptable. + +| `message` +| `string` +| A human readable message indicating details about the transition. +This field may be empty. + +| `reason` +| `string` +| The reason for the condition's last transition in CamelCase. +The specific API may choose whether or not this field is considered a guaranteed API. +This field may not be empty. + +| `severity` +| `string` +| Severity provides an explicit classification of Reason code, so the users or machines can immediately +understand the current situation and act accordingly. +The Severity field MUST be set only when Status=False. + +| `status` +| `string` +| Status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| Type of condition in CamelCase or in foo.example.com/CamelCase. +Many .condition.type values are consistent across resources like Available, but because arbitrary conditions +can be useful (see .node.status.conditions), the ability to deconflict is important. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpmanagedcontrolplanes` +- `GET`: list objects of kind GCPManagedControlPlane +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedcontrolplanes` +- `DELETE`: delete collection of GCPManagedControlPlane +- `GET`: list objects of kind GCPManagedControlPlane +- `POST`: create a GCPManagedControlPlane +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedcontrolplanes/{name}` +- `DELETE`: delete a GCPManagedControlPlane +- `GET`: read the specified GCPManagedControlPlane +- `PATCH`: partially update the specified GCPManagedControlPlane +- `PUT`: replace the specified GCPManagedControlPlane +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedcontrolplanes/{name}/status` +- `GET`: read status of the specified GCPManagedControlPlane +- `PATCH`: partially update status of the specified GCPManagedControlPlane +- `PUT`: replace status of the specified GCPManagedControlPlane + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpmanagedcontrolplanes + + + +HTTP method:: + `GET` + +Description:: + list objects of kind GCPManagedControlPlane + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.GCPManagedControlPlaneList[`GCPManagedControlPlaneList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedcontrolplanes + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of GCPManagedControlPlane + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind GCPManagedControlPlane + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.GCPManagedControlPlaneList[`GCPManagedControlPlaneList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a GCPManagedControlPlane + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedControlPlane`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedControlPlane`] schema +| 201 - Created +| xref:../cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedControlPlane`] schema +| 202 - Accepted +| xref:../cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedControlPlane`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedcontrolplanes/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the GCPManagedControlPlane +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a GCPManagedControlPlane + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified GCPManagedControlPlane + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedControlPlane`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified GCPManagedControlPlane + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedControlPlane`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified GCPManagedControlPlane + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedControlPlane`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedControlPlane`] schema +| 201 - Created +| xref:../cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedControlPlane`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedcontrolplanes/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the GCPManagedControlPlane +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified GCPManagedControlPlane + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedControlPlane`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified GCPManagedControlPlane + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedControlPlane`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified GCPManagedControlPlane + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedControlPlane`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedControlPlane`] schema +| 201 - Created +| xref:../cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedControlPlane`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..33e20b7825 --- /dev/null +++ b/rest_api/cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,909 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1"] += GCPManagedMachinePool [infrastructure.cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +GCPManagedMachinePool is the Schema for the gcpmanagedmachinepools API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| GCPManagedMachinePoolSpec defines the desired state of GCPManagedMachinePool. + +| `status` +| `object` +| GCPManagedMachinePoolStatus defines the observed state of GCPManagedMachinePool. + +|=== +=== .spec +Description:: ++ +-- +GCPManagedMachinePoolSpec defines the desired state of GCPManagedMachinePool. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `additionalLabels` +| `object (string)` +| AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the +ones added by default. + +| `diskSizeGB` +| `integer` +| DiskSizeGB is size of the disk attached to each node, +specified in GB. + +| `diskSizeGb` +| `integer` +| DiskSizeGb is the size of the disk attached to each node, specified in GB. +The smallest allowed disk size is 10GB. If unspecified, the default disk size is 100GB. + +| `diskType` +| `string` +| DiskType is type of the disk attached to each node. + +| `imageType` +| `string` +| ImageType is image type to use for this nodepool. + +| `instanceType` +| `string` +| InstanceType is name of Compute Engine machine type. + +| `kubernetesLabels` +| `object (string)` +| KubernetesLabels specifies the labels to apply to the nodes of the node pool. + +| `kubernetesTaints` +| `array` +| KubernetesTaints specifies the taints to apply to the nodes of the node pool. + +| `kubernetesTaints[]` +| `object` +| Taint represents a Kubernetes taint. + +| `linuxNodeConfig` +| `object` +| LinuxNodeConfig specifies the settings for Linux agent nodes. + +| `localSsdCount` +| `integer` +| LocalSsdCount is the number of local SSD disks to be attached to the node. + +| `machineType` +| `string` +| MachineType is the name of a Google Compute Engine [machine +type](https://cloud.google.com/compute/docs/machine-types). +If unspecified, the default machine type is `e2-medium`. + +| `management` +| `object` +| Management specifies the node pool management options. + +| `maxPodsPerNode` +| `integer` +| MaxPodsPerNode is constraint enforced on the max num of +pods per node. + +| `nodeLocations` +| `array (string)` +| NodeLocations is the list of zones in which the NodePool's +nodes should be located. + +| `nodeNetwork` +| `object` +| NodeNetwork specifies the node network configuration +options. + +| `nodePoolName` +| `string` +| NodePoolName specifies the name of the GKE node pool corresponding to this MachinePool. If you don't specify a name +then a default name will be created based on the namespace and name of the managed machine pool. + +| `nodeSecurity` +| `object` +| NodeSecurity specifies the node security options. + +| `providerIDList` +| `array (string)` +| ProviderIDList are the provider IDs of instances in the +managed instance group corresponding to the nodegroup represented by this +machine pool + +| `scaling` +| `object` +| Scaling specifies scaling for the node pool + +|=== +=== .spec.kubernetesTaints +Description:: ++ +-- +KubernetesTaints specifies the taints to apply to the nodes of the node pool. +-- + +Type:: + `array` + + + + +=== .spec.kubernetesTaints[] +Description:: ++ +-- +Taint represents a Kubernetes taint. +-- + +Type:: + `object` + +Required:: + - `effect` + - `key` + - `value` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `effect` +| `string` +| Effect specifies the effect for the taint. + +| `key` +| `string` +| Key is the key of the taint + +| `value` +| `string` +| Value is the value of the taint + +|=== +=== .spec.linuxNodeConfig +Description:: ++ +-- +LinuxNodeConfig specifies the settings for Linux agent nodes. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `cgroupMode` +| `integer` +| CgroupMode specifies the cgroup mode for this node pool. + +| `sysctls` +| `array` +| Sysctls specifies the sysctl settings for this node pool. + +| `sysctls[]` +| `object` +| SysctlConfig specifies the sysctl settings for Linux nodes. + +|=== +=== .spec.linuxNodeConfig.sysctls +Description:: ++ +-- +Sysctls specifies the sysctl settings for this node pool. +-- + +Type:: + `array` + + + + +=== .spec.linuxNodeConfig.sysctls[] +Description:: ++ +-- +SysctlConfig specifies the sysctl settings for Linux nodes. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `parameter` +| `string` +| Parameter specifies sysctl parameter name. + +| `value` +| `string` +| Value specifies sysctl parameter value. + +|=== +=== .spec.management +Description:: ++ +-- +Management specifies the node pool management options. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `autoRepair` +| `boolean` +| AutoRepair specifies whether the node auto-repair is enabled for the node +pool. If enabled, the nodes in this node pool will be monitored and, if +they fail health checks too many times, an automatic repair action will be +triggered. + +| `autoUpgrade` +| `boolean` +| AutoUpgrade specifies whether node auto-upgrade is enabled for the node +pool. If enabled, node auto-upgrade helps keep the nodes in your node pool +up to date with the latest release version of Kubernetes. + +|=== +=== .spec.nodeNetwork +Description:: ++ +-- +NodeNetwork specifies the node network configuration +options. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `createPodRange` +| `boolean` +| CreatePodRange specifies whether to create a new range for +pod IPs in this node pool. + +| `podRangeCidrBlock` +| `string` +| PodRangeCidrBlock is the IP address range for pod IPs in +this node pool. + +| `podRangeName` +| `string` +| PodRangeName is ID of the secondary range for pod IPs. + +| `tags` +| `array (string)` +| Tags is list of instance tags applied to all nodes. Tags +are used to identify valid sources or targets for network +firewalls. + +|=== +=== .spec.nodeSecurity +Description:: ++ +-- +NodeSecurity specifies the node security options. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `enableIntegrityMonitoring` +| `boolean` +| EnableIntegrityMonitoring defines whether the instance has +integrity monitoring enabled. + +| `enableSecureBoot` +| `boolean` +| EnableSecureBoot defines whether the instance has Secure +Boot enabled. + +| `sandboxType` +| `string` +| SandboxType is type of the sandbox to use for the node. + +| `serviceAccount` +| `object` +| ServiceAccount specifies the identity details for node +pool. + +|=== +=== .spec.nodeSecurity.serviceAccount +Description:: ++ +-- +ServiceAccount specifies the identity details for node +pool. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `email` +| `string` +| Email is the Google Cloud Platform Service Account to be +used by the node VMs. + +| `scopes` +| `array (string)` +| Scopes is a set of Google API scopes to be made available +on all of the node VMs under the "default" service account. + +|=== +=== .spec.scaling +Description:: ++ +-- +Scaling specifies scaling for the node pool +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `enableAutoscaling` +| `boolean` +| Is autoscaling enabled for this node pool. If unspecified, the default value is true. + +| `locationPolicy` +| `string` +| Location policy used when scaling up a nodepool. + +| `maxCount` +| `integer` +| MaxCount specifies the maximum number of nodes in the node pool + +| `minCount` +| `integer` +| MinCount specifies the minimum number of nodes in the node pool + +|=== +=== .status +Description:: ++ +-- +GCPManagedMachinePoolStatus defines the observed state of GCPManagedMachinePool. +-- + +Type:: + `object` + +Required:: + - `ready` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| Conditions specifies the cpnditions for the managed machine pool + +| `conditions[]` +| `object` +| Condition defines an observation of a Cluster API resource operational state. + +| `ready` +| `boolean` +| Ready denotes that the GCPManagedMachinePool has joined the cluster + +| `replicas` +| `integer` +| Replicas is the most recently observed number of replicas. + +|=== +=== .status.conditions +Description:: ++ +-- +Conditions specifies the cpnditions for the managed machine pool +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition defines an observation of a Cluster API resource operational state. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| Last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when +the API field changed is acceptable. + +| `message` +| `string` +| A human readable message indicating details about the transition. +This field may be empty. + +| `reason` +| `string` +| The reason for the condition's last transition in CamelCase. +The specific API may choose whether or not this field is considered a guaranteed API. +This field may not be empty. + +| `severity` +| `string` +| Severity provides an explicit classification of Reason code, so the users or machines can immediately +understand the current situation and act accordingly. +The Severity field MUST be set only when Status=False. + +| `status` +| `string` +| Status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| Type of condition in CamelCase or in foo.example.com/CamelCase. +Many .condition.type values are consistent across resources like Available, but because arbitrary conditions +can be useful (see .node.status.conditions), the ability to deconflict is important. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpmanagedmachinepools` +- `GET`: list objects of kind GCPManagedMachinePool +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedmachinepools` +- `DELETE`: delete collection of GCPManagedMachinePool +- `GET`: list objects of kind GCPManagedMachinePool +- `POST`: create a GCPManagedMachinePool +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedmachinepools/{name}` +- `DELETE`: delete a GCPManagedMachinePool +- `GET`: read the specified GCPManagedMachinePool +- `PATCH`: partially update the specified GCPManagedMachinePool +- `PUT`: replace the specified GCPManagedMachinePool +* `/apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedmachinepools/{name}/status` +- `GET`: read status of the specified GCPManagedMachinePool +- `PATCH`: partially update status of the specified GCPManagedMachinePool +- `PUT`: replace status of the specified GCPManagedMachinePool + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/gcpmanagedmachinepools + + + +HTTP method:: + `GET` + +Description:: + list objects of kind GCPManagedMachinePool + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.GCPManagedMachinePoolList[`GCPManagedMachinePoolList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedmachinepools + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of GCPManagedMachinePool + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind GCPManagedMachinePool + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.infrastructure.v1beta1.GCPManagedMachinePoolList[`GCPManagedMachinePoolList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a GCPManagedMachinePool + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedMachinePool`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedMachinePool`] schema +| 201 - Created +| xref:../cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedMachinePool`] schema +| 202 - Accepted +| xref:../cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedMachinePool`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedmachinepools/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the GCPManagedMachinePool +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a GCPManagedMachinePool + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified GCPManagedMachinePool + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedMachinePool`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified GCPManagedMachinePool + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedMachinePool`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified GCPManagedMachinePool + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedMachinePool`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedMachinePool`] schema +| 201 - Created +| xref:../cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedMachinePool`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/gcpmanagedmachinepools/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the GCPManagedMachinePool +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified GCPManagedMachinePool + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedMachinePool`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified GCPManagedMachinePool + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedMachinePool`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified GCPManagedMachinePool + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedMachinePool`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedMachinePool`] schema +| 201 - Created +| xref:../cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1[`GCPManagedMachinePool`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/network_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc similarity index 92% rename from rest_api/network_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc rename to rest_api/cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc index 66cbc42598..c6887430c4 100644 --- a/rest_api/network_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc +++ b/rest_api/cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc @@ -104,7 +104,9 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid? |=== === .spec.poolRef @@ -129,7 +131,9 @@ Required:: | `apiGroup` | `string` -| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. +| APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required. | `kind` | `string` @@ -246,7 +250,7 @@ Description:: |=== | Parameter | Type | Description | `body` -| xref:../network_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema +| xref:../cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema | |=== @@ -255,11 +259,11 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../network_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema +| xref:../cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema | 201 - Created -| xref:../network_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema +| xref:../cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema | 202 - Accepted -| xref:../network_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema +| xref:../cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema | 401 - Unauthorized | Empty |=== @@ -320,7 +324,7 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../network_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema +| xref:../cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema | 401 - Unauthorized | Empty |=== @@ -350,7 +354,7 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../network_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema +| xref:../cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema | 401 - Unauthorized | Empty |=== @@ -379,7 +383,7 @@ Description:: |=== | Parameter | Type | Description | `body` -| xref:../network_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema +| xref:../cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema | |=== @@ -388,9 +392,9 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../network_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema +| xref:../cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema | 201 - Created -| xref:../network_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema +| xref:../cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[`IPAddress`] schema | 401 - Unauthorized | Empty |=== diff --git a/rest_api/network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc similarity index 89% rename from rest_api/network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc rename to rest_api/cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc index 2f35014bce..c3c75cb408 100644 --- a/rest_api/network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc +++ b/rest_api/cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc @@ -92,7 +92,9 @@ Required:: | `apiGroup` | `string` -| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. +| APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required. | `kind` | `string` @@ -152,7 +154,9 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid? |=== === .status.conditions @@ -191,19 +195,26 @@ Required:: | `lastTransitionTime` | `string` -| Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. +| Last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when +the API field changed is acceptable. | `message` | `string` -| A human readable message indicating details about the transition. This field may be empty. +| A human readable message indicating details about the transition. +This field may be empty. | `reason` | `string` -| The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. +| The reason for the condition's last transition in CamelCase. +The specific API may choose whether or not this field is considered a guaranteed API. +This field may not be empty. | `severity` | `string` -| Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. +| Severity provides an explicit classification of Reason code, so the users or machines can immediately +understand the current situation and act accordingly. +The Severity field MUST be set only when Status=False. | `status` | `string` @@ -211,7 +222,9 @@ Required:: | `type` | `string` -| Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. +| Type of condition in CamelCase or in foo.example.com/CamelCase. +Many .condition.type values are consistent across resources like Available, but because arbitrary conditions +can be useful (see .node.status.conditions), the ability to deconflict is important. |=== @@ -324,7 +337,7 @@ Description:: |=== | Parameter | Type | Description | `body` -| xref:../network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema +| xref:../cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema | |=== @@ -333,11 +346,11 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema +| xref:../cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema | 201 - Created -| xref:../network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema +| xref:../cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema | 202 - Accepted -| xref:../network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema +| xref:../cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema | 401 - Unauthorized | Empty |=== @@ -398,7 +411,7 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema +| xref:../cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema | 401 - Unauthorized | Empty |=== @@ -428,7 +441,7 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema +| xref:../cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema | 401 - Unauthorized | Empty |=== @@ -457,7 +470,7 @@ Description:: |=== | Parameter | Type | Description | `body` -| xref:../network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema +| xref:../cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema | |=== @@ -466,9 +479,9 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema +| xref:../cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema | 201 - Created -| xref:../network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema +| xref:../cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema | 401 - Unauthorized | Empty |=== @@ -500,7 +513,7 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema +| xref:../cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema | 401 - Unauthorized | Empty |=== @@ -530,7 +543,7 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema +| xref:../cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema | 401 - Unauthorized | Empty |=== @@ -559,7 +572,7 @@ Description:: |=== | Parameter | Type | Description | `body` -| xref:../network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema +| xref:../cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema | |=== @@ -568,9 +581,9 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema +| xref:../cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema | 201 - Created -| xref:../network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema +| xref:../cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[`IPAddressClaim`] schema | 401 - Unauthorized | Empty |=== diff --git a/rest_api/cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..1025c44e84 --- /dev/null +++ b/rest_api/cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,992 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="machine-cluster-x-k8s-io-v1beta1"] += Machine [cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +Machine is the Schema for the machines API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| MachineSpec defines the desired state of Machine. + +| `status` +| `object` +| MachineStatus defines the observed state of Machine. + +|=== +=== .spec +Description:: ++ +-- +MachineSpec defines the desired state of Machine. +-- + +Type:: + `object` + +Required:: + - `bootstrap` + - `clusterName` + - `infrastructureRef` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `bootstrap` +| `object` +| Bootstrap is a reference to a local struct which encapsulates +fields to configure the Machine’s bootstrapping mechanism. + +| `clusterName` +| `string` +| ClusterName is the name of the Cluster this object belongs to. + +| `failureDomain` +| `string` +| FailureDomain is the failure domain the machine will be created in. +Must match a key in the FailureDomains map stored on the cluster object. + +| `infrastructureRef` +| `object` +| InfrastructureRef is a required reference to a custom resource +offered by an infrastructure provider. + +| `nodeDeletionTimeout` +| `string` +| NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine +hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. +Defaults to 10 seconds. + +| `nodeDrainTimeout` +| `string` +| NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. +The default value is 0, meaning that the node can be drained without any time limitations. +NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + +| `nodeVolumeDetachTimeout` +| `string` +| NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes +to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + +| `providerID` +| `string` +| ProviderID is the identification ID of the machine provided by the provider. +This field must match the provider ID as seen on the node object corresponding to this machine. +This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler +with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out +machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a +generic out-of-tree provider for autoscaler, this field is required by autoscaler to be +able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver +and then a comparison is done to find out unregistered machines and are marked for delete. +This field will be set by the actuators and consumed by higher level entities like autoscaler that will +be interfacing with cluster-api as generic provider. + +| `version` +| `string` +| Version defines the desired Kubernetes version. +This field is meant to be optionally used by bootstrap providers. + +|=== +=== .spec.bootstrap +Description:: ++ +-- +Bootstrap is a reference to a local struct which encapsulates +fields to configure the Machine’s bootstrapping mechanism. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `configRef` +| `object` +| ConfigRef is a reference to a bootstrap provider-specific resource +that holds configuration details. The reference is optional to +allow users/operators to specify Bootstrap.DataSecretName without +the need of a controller. + +| `dataSecretName` +| `string` +| DataSecretName is the name of the secret that stores the bootstrap data script. +If nil, the Machine should remain in the Pending state. + +|=== +=== .spec.bootstrap.configRef +Description:: ++ +-- +ConfigRef is a reference to a bootstrap provider-specific resource +that holds configuration details. The reference is optional to +allow users/operators to specify Bootstrap.DataSecretName without +the need of a controller. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.infrastructureRef +Description:: ++ +-- +InfrastructureRef is a required reference to a custom resource +offered by an infrastructure provider. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .status +Description:: ++ +-- +MachineStatus defines the observed state of Machine. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `addresses` +| `array` +| Addresses is a list of addresses assigned to the machine. +This field is copied from the infrastructure provider reference. + +| `addresses[]` +| `object` +| MachineAddress contains information for the node's address. + +| `bootstrapReady` +| `boolean` +| BootstrapReady is the state of the bootstrap provider. + +| `certificatesExpiryDate` +| `string` +| CertificatesExpiryDate is the expiry date of the machine certificates. +This value is only set for control plane machines. + +| `conditions` +| `array` +| Conditions defines current service state of the Machine. + +| `conditions[]` +| `object` +| Condition defines an observation of a Cluster API resource operational state. + +| `failureMessage` +| `string` +| FailureMessage will be set in the event that there is a terminal problem +reconciling the Machine and will contain a more verbose string suitable +for logging and human consumption. + + +This field should not be set for transitive errors that a controller +faces that are expected to be fixed automatically over +time (like service outages), but instead indicate that something is +fundamentally wrong with the Machine's spec or the configuration of +the controller, and that manual intervention is required. Examples +of terminal errors would be invalid combinations of settings in the +spec, values that are unsupported by the controller, or the +responsible controller itself being critically misconfigured. + + +Any transient errors that occur during the reconciliation of Machines +can be added as events to the Machine object and/or logged in the +controller's output. + +| `failureReason` +| `string` +| FailureReason will be set in the event that there is a terminal problem +reconciling the Machine and will contain a succinct value suitable +for machine interpretation. + + +This field should not be set for transitive errors that a controller +faces that are expected to be fixed automatically over +time (like service outages), but instead indicate that something is +fundamentally wrong with the Machine's spec or the configuration of +the controller, and that manual intervention is required. Examples +of terminal errors would be invalid combinations of settings in the +spec, values that are unsupported by the controller, or the +responsible controller itself being critically misconfigured. + + +Any transient errors that occur during the reconciliation of Machines +can be added as events to the Machine object and/or logged in the +controller's output. + +| `infrastructureReady` +| `boolean` +| InfrastructureReady is the state of the infrastructure provider. + +| `lastUpdated` +| `string` +| LastUpdated identifies when the phase of the Machine last transitioned. + +| `nodeInfo` +| `object` +| NodeInfo is a set of ids/uuids to uniquely identify the node. +More info: https://kubernetes.io/docs/concepts/nodes/node/#info + +| `nodeRef` +| `object` +| NodeRef will point to the corresponding Node if it exists. + +| `observedGeneration` +| `integer` +| ObservedGeneration is the latest generation observed by the controller. + +| `phase` +| `string` +| Phase represents the current phase of machine actuation. +E.g. Pending, Running, Terminating, Failed etc. + +|=== +=== .status.addresses +Description:: ++ +-- +Addresses is a list of addresses assigned to the machine. +This field is copied from the infrastructure provider reference. +-- + +Type:: + `array` + + + + +=== .status.addresses[] +Description:: ++ +-- +MachineAddress contains information for the node's address. +-- + +Type:: + `object` + +Required:: + - `address` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `address` +| `string` +| The machine address. + +| `type` +| `string` +| Machine address type, one of Hostname, ExternalIP, InternalIP, ExternalDNS or InternalDNS. + +|=== +=== .status.conditions +Description:: ++ +-- +Conditions defines current service state of the Machine. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition defines an observation of a Cluster API resource operational state. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| Last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when +the API field changed is acceptable. + +| `message` +| `string` +| A human readable message indicating details about the transition. +This field may be empty. + +| `reason` +| `string` +| The reason for the condition's last transition in CamelCase. +The specific API may choose whether or not this field is considered a guaranteed API. +This field may not be empty. + +| `severity` +| `string` +| Severity provides an explicit classification of Reason code, so the users or machines can immediately +understand the current situation and act accordingly. +The Severity field MUST be set only when Status=False. + +| `status` +| `string` +| Status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| Type of condition in CamelCase or in foo.example.com/CamelCase. +Many .condition.type values are consistent across resources like Available, but because arbitrary conditions +can be useful (see .node.status.conditions), the ability to deconflict is important. + +|=== +=== .status.nodeInfo +Description:: ++ +-- +NodeInfo is a set of ids/uuids to uniquely identify the node. +More info: https://kubernetes.io/docs/concepts/nodes/node/#info +-- + +Type:: + `object` + +Required:: + - `architecture` + - `bootID` + - `containerRuntimeVersion` + - `kernelVersion` + - `kubeProxyVersion` + - `kubeletVersion` + - `machineID` + - `operatingSystem` + - `osImage` + - `systemUUID` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `architecture` +| `string` +| The Architecture reported by the node + +| `bootID` +| `string` +| Boot ID reported by the node. + +| `containerRuntimeVersion` +| `string` +| ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2). + +| `kernelVersion` +| `string` +| Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64). + +| `kubeProxyVersion` +| `string` +| KubeProxy Version reported by the node. + +| `kubeletVersion` +| `string` +| Kubelet Version reported by the node. + +| `machineID` +| `string` +| MachineID reported by the node. For unique machine identification +in the cluster this field is preferred. Learn more from man(5) +machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html + +| `operatingSystem` +| `string` +| The Operating System reported by the node + +| `osImage` +| `string` +| OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)). + +| `systemUUID` +| `string` +| SystemUUID reported by the node. For unique machine identification +MachineID is preferred. This field is specific to Red Hat hosts +https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid + +|=== +=== .status.nodeRef +Description:: ++ +-- +NodeRef will point to the corresponding Node if it exists. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/cluster.x-k8s.io/v1beta1/machines` +- `GET`: list objects of kind Machine +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machines` +- `DELETE`: delete collection of Machine +- `GET`: list objects of kind Machine +- `POST`: create a Machine +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machines/{name}` +- `DELETE`: delete a Machine +- `GET`: read the specified Machine +- `PATCH`: partially update the specified Machine +- `PUT`: replace the specified Machine +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machines/{name}/status` +- `GET`: read status of the specified Machine +- `PATCH`: partially update status of the specified Machine +- `PUT`: replace status of the specified Machine + + +=== /apis/cluster.x-k8s.io/v1beta1/machines + + + +HTTP method:: + `GET` + +Description:: + list objects of kind Machine + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.v1beta1.MachineList[`MachineList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machines + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of Machine + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind Machine + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.v1beta1.MachineList[`MachineList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a Machine + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc#machine-cluster-x-k8s-io-v1beta1[`Machine`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc#machine-cluster-x-k8s-io-v1beta1[`Machine`] schema +| 201 - Created +| xref:../cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc#machine-cluster-x-k8s-io-v1beta1[`Machine`] schema +| 202 - Accepted +| xref:../cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc#machine-cluster-x-k8s-io-v1beta1[`Machine`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machines/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the Machine +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a Machine + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified Machine + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc#machine-cluster-x-k8s-io-v1beta1[`Machine`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified Machine + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc#machine-cluster-x-k8s-io-v1beta1[`Machine`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified Machine + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc#machine-cluster-x-k8s-io-v1beta1[`Machine`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc#machine-cluster-x-k8s-io-v1beta1[`Machine`] schema +| 201 - Created +| xref:../cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc#machine-cluster-x-k8s-io-v1beta1[`Machine`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machines/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the Machine +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified Machine + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc#machine-cluster-x-k8s-io-v1beta1[`Machine`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified Machine + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc#machine-cluster-x-k8s-io-v1beta1[`Machine`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified Machine + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc#machine-cluster-x-k8s-io-v1beta1[`Machine`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc#machine-cluster-x-k8s-io-v1beta1[`Machine`] schema +| 201 - Created +| xref:../cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc#machine-cluster-x-k8s-io-v1beta1[`Machine`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..69caa52f57 --- /dev/null +++ b/rest_api/cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,1205 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="machinedeployment-cluster-x-k8s-io-v1beta1"] += MachineDeployment [cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +MachineDeployment is the Schema for the machinedeployments API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| MachineDeploymentSpec defines the desired state of MachineDeployment. + +| `status` +| `object` +| MachineDeploymentStatus defines the observed state of MachineDeployment. + +|=== +=== .spec +Description:: ++ +-- +MachineDeploymentSpec defines the desired state of MachineDeployment. +-- + +Type:: + `object` + +Required:: + - `clusterName` + - `selector` + - `template` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `clusterName` +| `string` +| ClusterName is the name of the Cluster this object belongs to. + +| `minReadySeconds` +| `integer` +| MinReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. +Defaults to 0 (machine will be considered available as soon as the Node is ready) + +| `paused` +| `boolean` +| Indicates that the deployment is paused. + +| `progressDeadlineSeconds` +| `integer` +| The maximum time in seconds for a deployment to make progress before it +is considered to be failed. The deployment controller will continue to +process failed deployments and a condition with a ProgressDeadlineExceeded +reason will be surfaced in the deployment status. Note that progress will +not be estimated during the time a deployment is paused. Defaults to 600s. + +| `replicas` +| `integer` +| Number of desired machines. +This is a pointer to distinguish between explicit zero and not specified. + + +Defaults to: +* if the Kubernetes autoscaler min size and max size annotations are set: + - if it's a new MachineDeployment, use min size + - if the replicas field of the old MachineDeployment is < min size, use min size + - if the replicas field of the old MachineDeployment is > max size, use max size + - if the replicas field of the old MachineDeployment is in the (min size, max size) range, keep the value from the oldMD +* otherwise use 1 +Note: Defaulting will be run whenever the replicas field is not set: +* A new MachineDeployment is created with replicas not set. +* On an existing MachineDeployment the replicas field was first set and is now unset. +Those cases are especially relevant for the following Kubernetes autoscaler use cases: +* A new MachineDeployment is created and replicas should be managed by the autoscaler +* An existing MachineDeployment which initially wasn't controlled by the autoscaler + should be later controlled by the autoscaler + +| `revisionHistoryLimit` +| `integer` +| The number of old MachineSets to retain to allow rollback. +This is a pointer to distinguish between explicit zero and not specified. +Defaults to 1. + +| `rolloutAfter` +| `string` +| RolloutAfter is a field to indicate a rollout should be performed +after the specified time even if no changes have been made to the +MachineDeployment. +Example: In the YAML the time can be specified in the RFC3339 format. +To specify the rolloutAfter target as March 9, 2023, at 9 am UTC +use "2023-03-09T09:00:00Z". + +| `selector` +| `object` +| Label selector for machines. Existing MachineSets whose machines are +selected by this will be the ones affected by this deployment. +It must match the machine template's labels. + +| `strategy` +| `object` +| The deployment strategy to use to replace existing machines with +new ones. + +| `template` +| `object` +| Template describes the machines that will be created. + +|=== +=== .spec.selector +Description:: ++ +-- +Label selector for machines. Existing MachineSets whose machines are +selected by this will be the ones affected by this deployment. +It must match the machine template's labels. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `matchExpressions` +| `array` +| matchExpressions is a list of label selector requirements. The requirements are ANDed. + +| `matchExpressions[]` +| `object` +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + +| `matchLabels` +| `object (string)` +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. + +|=== +=== .spec.selector.matchExpressions +Description:: ++ +-- +matchExpressions is a list of label selector requirements. The requirements are ANDed. +-- + +Type:: + `array` + + + + +=== .spec.selector.matchExpressions[] +Description:: ++ +-- +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. +-- + +Type:: + `object` + +Required:: + - `key` + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| key is the label key that the selector applies to. + +| `operator` +| `string` +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. + +| `values` +| `array (string)` +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. + +|=== +=== .spec.strategy +Description:: ++ +-- +The deployment strategy to use to replace existing machines with +new ones. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `rollingUpdate` +| `object` +| Rolling update config params. Present only if +MachineDeploymentStrategyType = RollingUpdate. + +| `type` +| `string` +| Type of deployment. Allowed values are RollingUpdate and OnDelete. +The default is RollingUpdate. + +|=== +=== .spec.strategy.rollingUpdate +Description:: ++ +-- +Rolling update config params. Present only if +MachineDeploymentStrategyType = RollingUpdate. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `deletePolicy` +| `string` +| DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. +Valid values are "Random, "Newest", "Oldest" +When no value is supplied, the default DeletePolicy of MachineSet is used + +| `maxSurge` +| `integer-or-string` +| The maximum number of machines that can be scheduled above the +desired number of machines. +Value can be an absolute number (ex: 5) or a percentage of +desired machines (ex: 10%). +This can not be 0 if MaxUnavailable is 0. +Absolute number is calculated from percentage by rounding up. +Defaults to 1. +Example: when this is set to 30%, the new MachineSet can be scaled +up immediately when the rolling update starts, such that the total +number of old and new machines do not exceed 130% of desired +machines. Once old machines have been killed, new MachineSet can +be scaled up further, ensuring that total number of machines running +at any time during the update is at most 130% of desired machines. + +| `maxUnavailable` +| `integer-or-string` +| The maximum number of machines that can be unavailable during the update. +Value can be an absolute number (ex: 5) or a percentage of desired +machines (ex: 10%). +Absolute number is calculated from percentage by rounding down. +This can not be 0 if MaxSurge is 0. +Defaults to 0. +Example: when this is set to 30%, the old MachineSet can be scaled +down to 70% of desired machines immediately when the rolling update +starts. Once new machines are ready, old MachineSet can be scaled +down further, followed by scaling up the new MachineSet, ensuring +that the total number of machines available at all times +during the update is at least 70% of desired machines. + +|=== +=== .spec.template +Description:: ++ +-- +Template describes the machines that will be created. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `metadata` +| `object` +| Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| Specification of the desired behavior of the machine. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + +|=== +=== .spec.template.metadata +Description:: ++ +-- +Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `annotations` +| `object (string)` +| Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations + +| `labels` +| `object (string)` +| Map of string keys and values that can be used to organize and categorize +(scope and select) objects. May match selectors of replication controllers +and services. +More info: http://kubernetes.io/docs/user-guide/labels + +|=== +=== .spec.template.spec +Description:: ++ +-- +Specification of the desired behavior of the machine. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +-- + +Type:: + `object` + +Required:: + - `bootstrap` + - `clusterName` + - `infrastructureRef` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `bootstrap` +| `object` +| Bootstrap is a reference to a local struct which encapsulates +fields to configure the Machine’s bootstrapping mechanism. + +| `clusterName` +| `string` +| ClusterName is the name of the Cluster this object belongs to. + +| `failureDomain` +| `string` +| FailureDomain is the failure domain the machine will be created in. +Must match a key in the FailureDomains map stored on the cluster object. + +| `infrastructureRef` +| `object` +| InfrastructureRef is a required reference to a custom resource +offered by an infrastructure provider. + +| `nodeDeletionTimeout` +| `string` +| NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine +hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. +Defaults to 10 seconds. + +| `nodeDrainTimeout` +| `string` +| NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. +The default value is 0, meaning that the node can be drained without any time limitations. +NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + +| `nodeVolumeDetachTimeout` +| `string` +| NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes +to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + +| `providerID` +| `string` +| ProviderID is the identification ID of the machine provided by the provider. +This field must match the provider ID as seen on the node object corresponding to this machine. +This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler +with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out +machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a +generic out-of-tree provider for autoscaler, this field is required by autoscaler to be +able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver +and then a comparison is done to find out unregistered machines and are marked for delete. +This field will be set by the actuators and consumed by higher level entities like autoscaler that will +be interfacing with cluster-api as generic provider. + +| `version` +| `string` +| Version defines the desired Kubernetes version. +This field is meant to be optionally used by bootstrap providers. + +|=== +=== .spec.template.spec.bootstrap +Description:: ++ +-- +Bootstrap is a reference to a local struct which encapsulates +fields to configure the Machine’s bootstrapping mechanism. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `configRef` +| `object` +| ConfigRef is a reference to a bootstrap provider-specific resource +that holds configuration details. The reference is optional to +allow users/operators to specify Bootstrap.DataSecretName without +the need of a controller. + +| `dataSecretName` +| `string` +| DataSecretName is the name of the secret that stores the bootstrap data script. +If nil, the Machine should remain in the Pending state. + +|=== +=== .spec.template.spec.bootstrap.configRef +Description:: ++ +-- +ConfigRef is a reference to a bootstrap provider-specific resource +that holds configuration details. The reference is optional to +allow users/operators to specify Bootstrap.DataSecretName without +the need of a controller. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.template.spec.infrastructureRef +Description:: ++ +-- +InfrastructureRef is a required reference to a custom resource +offered by an infrastructure provider. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .status +Description:: ++ +-- +MachineDeploymentStatus defines the observed state of MachineDeployment. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `availableReplicas` +| `integer` +| Total number of available machines (ready for at least minReadySeconds) +targeted by this deployment. + +| `conditions` +| `array` +| Conditions defines current service state of the MachineDeployment. + +| `conditions[]` +| `object` +| Condition defines an observation of a Cluster API resource operational state. + +| `observedGeneration` +| `integer` +| The generation observed by the deployment controller. + +| `phase` +| `string` +| Phase represents the current phase of a MachineDeployment (ScalingUp, ScalingDown, Running, Failed, or Unknown). + +| `readyReplicas` +| `integer` +| Total number of ready machines targeted by this deployment. + +| `replicas` +| `integer` +| Total number of non-terminated machines targeted by this deployment +(their labels match the selector). + +| `selector` +| `string` +| Selector is the same as the label selector but in the string format to avoid introspection +by clients. The string will be in the same format as the query-param syntax. +More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors + +| `unavailableReplicas` +| `integer` +| Total number of unavailable machines targeted by this deployment. +This is the total number of machines that are still required for +the deployment to have 100% available capacity. They may either +be machines that are running but not yet available or machines +that still have not been created. + +| `updatedReplicas` +| `integer` +| Total number of non-terminated machines targeted by this deployment +that have the desired template spec. + +|=== +=== .status.conditions +Description:: ++ +-- +Conditions defines current service state of the MachineDeployment. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition defines an observation of a Cluster API resource operational state. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| Last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when +the API field changed is acceptable. + +| `message` +| `string` +| A human readable message indicating details about the transition. +This field may be empty. + +| `reason` +| `string` +| The reason for the condition's last transition in CamelCase. +The specific API may choose whether or not this field is considered a guaranteed API. +This field may not be empty. + +| `severity` +| `string` +| Severity provides an explicit classification of Reason code, so the users or machines can immediately +understand the current situation and act accordingly. +The Severity field MUST be set only when Status=False. + +| `status` +| `string` +| Status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| Type of condition in CamelCase or in foo.example.com/CamelCase. +Many .condition.type values are consistent across resources like Available, but because arbitrary conditions +can be useful (see .node.status.conditions), the ability to deconflict is important. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/cluster.x-k8s.io/v1beta1/machinedeployments` +- `GET`: list objects of kind MachineDeployment +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinedeployments` +- `DELETE`: delete collection of MachineDeployment +- `GET`: list objects of kind MachineDeployment +- `POST`: create a MachineDeployment +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinedeployments/{name}` +- `DELETE`: delete a MachineDeployment +- `GET`: read the specified MachineDeployment +- `PATCH`: partially update the specified MachineDeployment +- `PUT`: replace the specified MachineDeployment +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinedeployments/{name}/scale` +- `GET`: read scale of the specified MachineDeployment +- `PATCH`: partially update scale of the specified MachineDeployment +- `PUT`: replace scale of the specified MachineDeployment +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinedeployments/{name}/status` +- `GET`: read status of the specified MachineDeployment +- `PATCH`: partially update status of the specified MachineDeployment +- `PUT`: replace status of the specified MachineDeployment + + +=== /apis/cluster.x-k8s.io/v1beta1/machinedeployments + + + +HTTP method:: + `GET` + +Description:: + list objects of kind MachineDeployment + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.v1beta1.MachineDeploymentList[`MachineDeploymentList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinedeployments + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of MachineDeployment + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind MachineDeployment + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.v1beta1.MachineDeploymentList[`MachineDeploymentList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a MachineDeployment + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc#machinedeployment-cluster-x-k8s-io-v1beta1[`MachineDeployment`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc#machinedeployment-cluster-x-k8s-io-v1beta1[`MachineDeployment`] schema +| 201 - Created +| xref:../cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc#machinedeployment-cluster-x-k8s-io-v1beta1[`MachineDeployment`] schema +| 202 - Accepted +| xref:../cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc#machinedeployment-cluster-x-k8s-io-v1beta1[`MachineDeployment`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinedeployments/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachineDeployment +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a MachineDeployment + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified MachineDeployment + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc#machinedeployment-cluster-x-k8s-io-v1beta1[`MachineDeployment`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified MachineDeployment + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc#machinedeployment-cluster-x-k8s-io-v1beta1[`MachineDeployment`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified MachineDeployment + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc#machinedeployment-cluster-x-k8s-io-v1beta1[`MachineDeployment`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc#machinedeployment-cluster-x-k8s-io-v1beta1[`MachineDeployment`] schema +| 201 - Created +| xref:../cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc#machinedeployment-cluster-x-k8s-io-v1beta1[`MachineDeployment`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinedeployments/{name}/scale + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachineDeployment +|=== + + +HTTP method:: + `GET` + +Description:: + read scale of the specified MachineDeployment + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update scale of the specified MachineDeployment + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace scale of the specified MachineDeployment + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema +| 201 - Created +| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinedeployments/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachineDeployment +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified MachineDeployment + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc#machinedeployment-cluster-x-k8s-io-v1beta1[`MachineDeployment`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified MachineDeployment + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc#machinedeployment-cluster-x-k8s-io-v1beta1[`MachineDeployment`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified MachineDeployment + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc#machinedeployment-cluster-x-k8s-io-v1beta1[`MachineDeployment`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc#machinedeployment-cluster-x-k8s-io-v1beta1[`MachineDeployment`] schema +| 201 - Created +| xref:../cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc#machinedeployment-cluster-x-k8s-io-v1beta1[`MachineDeployment`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..876432cbc0 --- /dev/null +++ b/rest_api/cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,796 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="machinehealthcheck-cluster-x-k8s-io-v1beta1"] += MachineHealthCheck [cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +MachineHealthCheck is the Schema for the machinehealthchecks API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| Specification of machine health check policy + +| `status` +| `object` +| Most recently observed status of MachineHealthCheck resource + +|=== +=== .spec +Description:: ++ +-- +Specification of machine health check policy +-- + +Type:: + `object` + +Required:: + - `clusterName` + - `selector` + - `unhealthyConditions` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `clusterName` +| `string` +| ClusterName is the name of the Cluster this object belongs to. + +| `maxUnhealthy` +| `integer-or-string` +| Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by +"selector" are not healthy. + +| `nodeStartupTimeout` +| `string` +| Machines older than this duration without a node will be considered to have +failed and will be remediated. +If not set, this value is defaulted to 10 minutes. +If you wish to disable this feature, set the value explicitly to 0. + +| `remediationTemplate` +| `object` +| RemediationTemplate is a reference to a remediation template +provided by an infrastructure provider. + + +This field is completely optional, when filled, the MachineHealthCheck controller +creates a new object from the template referenced and hands off remediation of the machine to +a controller that lives outside of Cluster API. + +| `selector` +| `object` +| Label selector to match machines whose health will be exercised + +| `unhealthyConditions` +| `array` +| UnhealthyConditions contains a list of the conditions that determine +whether a node is considered unhealthy. The conditions are combined in a +logical OR, i.e. if any of the conditions is met, the node is unhealthy. + +| `unhealthyConditions[]` +| `object` +| UnhealthyCondition represents a Node condition type and value with a timeout +specified as a duration. When the named condition has been in the given +status for at least the timeout value, a node is considered unhealthy. + +| `unhealthyRange` +| `string` +| Any further remediation is only allowed if the number of machines selected by "selector" as not healthy +is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. +Eg. "[3-5]" - This means that remediation will be allowed only when: +(a) there are at least 3 unhealthy machines (and) +(b) there are at most 5 unhealthy machines + +|=== +=== .spec.remediationTemplate +Description:: ++ +-- +RemediationTemplate is a reference to a remediation template +provided by an infrastructure provider. + + +This field is completely optional, when filled, the MachineHealthCheck controller +creates a new object from the template referenced and hands off remediation of the machine to +a controller that lives outside of Cluster API. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.selector +Description:: ++ +-- +Label selector to match machines whose health will be exercised +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `matchExpressions` +| `array` +| matchExpressions is a list of label selector requirements. The requirements are ANDed. + +| `matchExpressions[]` +| `object` +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + +| `matchLabels` +| `object (string)` +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. + +|=== +=== .spec.selector.matchExpressions +Description:: ++ +-- +matchExpressions is a list of label selector requirements. The requirements are ANDed. +-- + +Type:: + `array` + + + + +=== .spec.selector.matchExpressions[] +Description:: ++ +-- +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. +-- + +Type:: + `object` + +Required:: + - `key` + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| key is the label key that the selector applies to. + +| `operator` +| `string` +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. + +| `values` +| `array (string)` +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. + +|=== +=== .spec.unhealthyConditions +Description:: ++ +-- +UnhealthyConditions contains a list of the conditions that determine +whether a node is considered unhealthy. The conditions are combined in a +logical OR, i.e. if any of the conditions is met, the node is unhealthy. +-- + +Type:: + `array` + + + + +=== .spec.unhealthyConditions[] +Description:: ++ +-- +UnhealthyCondition represents a Node condition type and value with a timeout +specified as a duration. When the named condition has been in the given +status for at least the timeout value, a node is considered unhealthy. +-- + +Type:: + `object` + +Required:: + - `status` + - `timeout` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `status` +| `string` +| + +| `timeout` +| `string` +| + +| `type` +| `string` +| + +|=== +=== .status +Description:: ++ +-- +Most recently observed status of MachineHealthCheck resource +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| Conditions defines current service state of the MachineHealthCheck. + +| `conditions[]` +| `object` +| Condition defines an observation of a Cluster API resource operational state. + +| `currentHealthy` +| `integer` +| total number of healthy machines counted by this machine health check + +| `expectedMachines` +| `integer` +| total number of machines counted by this machine health check + +| `observedGeneration` +| `integer` +| ObservedGeneration is the latest generation observed by the controller. + +| `remediationsAllowed` +| `integer` +| RemediationsAllowed is the number of further remediations allowed by this machine health check before +maxUnhealthy short circuiting will be applied + +| `targets` +| `array (string)` +| Targets shows the current list of machines the machine health check is watching + +|=== +=== .status.conditions +Description:: ++ +-- +Conditions defines current service state of the MachineHealthCheck. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition defines an observation of a Cluster API resource operational state. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| Last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when +the API field changed is acceptable. + +| `message` +| `string` +| A human readable message indicating details about the transition. +This field may be empty. + +| `reason` +| `string` +| The reason for the condition's last transition in CamelCase. +The specific API may choose whether or not this field is considered a guaranteed API. +This field may not be empty. + +| `severity` +| `string` +| Severity provides an explicit classification of Reason code, so the users or machines can immediately +understand the current situation and act accordingly. +The Severity field MUST be set only when Status=False. + +| `status` +| `string` +| Status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| Type of condition in CamelCase or in foo.example.com/CamelCase. +Many .condition.type values are consistent across resources like Available, but because arbitrary conditions +can be useful (see .node.status.conditions), the ability to deconflict is important. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/cluster.x-k8s.io/v1beta1/machinehealthchecks` +- `GET`: list objects of kind MachineHealthCheck +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinehealthchecks` +- `DELETE`: delete collection of MachineHealthCheck +- `GET`: list objects of kind MachineHealthCheck +- `POST`: create a MachineHealthCheck +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinehealthchecks/{name}` +- `DELETE`: delete a MachineHealthCheck +- `GET`: read the specified MachineHealthCheck +- `PATCH`: partially update the specified MachineHealthCheck +- `PUT`: replace the specified MachineHealthCheck +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinehealthchecks/{name}/status` +- `GET`: read status of the specified MachineHealthCheck +- `PATCH`: partially update status of the specified MachineHealthCheck +- `PUT`: replace status of the specified MachineHealthCheck + + +=== /apis/cluster.x-k8s.io/v1beta1/machinehealthchecks + + + +HTTP method:: + `GET` + +Description:: + list objects of kind MachineHealthCheck + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.v1beta1.MachineHealthCheckList[`MachineHealthCheckList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinehealthchecks + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of MachineHealthCheck + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind MachineHealthCheck + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.v1beta1.MachineHealthCheckList[`MachineHealthCheckList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a MachineHealthCheck + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc#machinehealthcheck-cluster-x-k8s-io-v1beta1[`MachineHealthCheck`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc#machinehealthcheck-cluster-x-k8s-io-v1beta1[`MachineHealthCheck`] schema +| 201 - Created +| xref:../cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc#machinehealthcheck-cluster-x-k8s-io-v1beta1[`MachineHealthCheck`] schema +| 202 - Accepted +| xref:../cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc#machinehealthcheck-cluster-x-k8s-io-v1beta1[`MachineHealthCheck`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinehealthchecks/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachineHealthCheck +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a MachineHealthCheck + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified MachineHealthCheck + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc#machinehealthcheck-cluster-x-k8s-io-v1beta1[`MachineHealthCheck`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified MachineHealthCheck + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc#machinehealthcheck-cluster-x-k8s-io-v1beta1[`MachineHealthCheck`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified MachineHealthCheck + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc#machinehealthcheck-cluster-x-k8s-io-v1beta1[`MachineHealthCheck`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc#machinehealthcheck-cluster-x-k8s-io-v1beta1[`MachineHealthCheck`] schema +| 201 - Created +| xref:../cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc#machinehealthcheck-cluster-x-k8s-io-v1beta1[`MachineHealthCheck`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinehealthchecks/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachineHealthCheck +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified MachineHealthCheck + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc#machinehealthcheck-cluster-x-k8s-io-v1beta1[`MachineHealthCheck`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified MachineHealthCheck + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc#machinehealthcheck-cluster-x-k8s-io-v1beta1[`MachineHealthCheck`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified MachineHealthCheck + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc#machinehealthcheck-cluster-x-k8s-io-v1beta1[`MachineHealthCheck`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc#machinehealthcheck-cluster-x-k8s-io-v1beta1[`MachineHealthCheck`] schema +| 201 - Created +| xref:../cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc#machinehealthcheck-cluster-x-k8s-io-v1beta1[`MachineHealthCheck`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..abd9c7755e --- /dev/null +++ b/rest_api/cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,1108 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="machinepool-cluster-x-k8s-io-v1beta1"] += MachinePool [cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +MachinePool is the Schema for the machinepools API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| MachinePoolSpec defines the desired state of MachinePool. + +| `status` +| `object` +| MachinePoolStatus defines the observed state of MachinePool. + +|=== +=== .spec +Description:: ++ +-- +MachinePoolSpec defines the desired state of MachinePool. +-- + +Type:: + `object` + +Required:: + - `clusterName` + - `template` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `clusterName` +| `string` +| ClusterName is the name of the Cluster this object belongs to. + +| `failureDomains` +| `array (string)` +| FailureDomains is the list of failure domains this MachinePool should be attached to. + +| `minReadySeconds` +| `integer` +| Minimum number of seconds for which a newly created machine instances should +be ready. +Defaults to 0 (machine instance will be considered available as soon as it +is ready) +NOTE: No logic is implemented for this field and it currently has no behaviour. + +| `providerIDList` +| `array (string)` +| ProviderIDList are the identification IDs of machine instances provided by the provider. +This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. + +| `replicas` +| `integer` +| Number of desired machines. Defaults to 1. +This is a pointer to distinguish between explicit zero and not specified. + +| `template` +| `object` +| Template describes the machines that will be created. + +|=== +=== .spec.template +Description:: ++ +-- +Template describes the machines that will be created. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `metadata` +| `object` +| Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| Specification of the desired behavior of the machine. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + +|=== +=== .spec.template.metadata +Description:: ++ +-- +Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `annotations` +| `object (string)` +| Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations + +| `labels` +| `object (string)` +| Map of string keys and values that can be used to organize and categorize +(scope and select) objects. May match selectors of replication controllers +and services. +More info: http://kubernetes.io/docs/user-guide/labels + +|=== +=== .spec.template.spec +Description:: ++ +-- +Specification of the desired behavior of the machine. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +-- + +Type:: + `object` + +Required:: + - `bootstrap` + - `clusterName` + - `infrastructureRef` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `bootstrap` +| `object` +| Bootstrap is a reference to a local struct which encapsulates +fields to configure the Machine’s bootstrapping mechanism. + +| `clusterName` +| `string` +| ClusterName is the name of the Cluster this object belongs to. + +| `failureDomain` +| `string` +| FailureDomain is the failure domain the machine will be created in. +Must match a key in the FailureDomains map stored on the cluster object. + +| `infrastructureRef` +| `object` +| InfrastructureRef is a required reference to a custom resource +offered by an infrastructure provider. + +| `nodeDeletionTimeout` +| `string` +| NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine +hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. +Defaults to 10 seconds. + +| `nodeDrainTimeout` +| `string` +| NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. +The default value is 0, meaning that the node can be drained without any time limitations. +NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + +| `nodeVolumeDetachTimeout` +| `string` +| NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes +to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + +| `providerID` +| `string` +| ProviderID is the identification ID of the machine provided by the provider. +This field must match the provider ID as seen on the node object corresponding to this machine. +This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler +with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out +machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a +generic out-of-tree provider for autoscaler, this field is required by autoscaler to be +able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver +and then a comparison is done to find out unregistered machines and are marked for delete. +This field will be set by the actuators and consumed by higher level entities like autoscaler that will +be interfacing with cluster-api as generic provider. + +| `version` +| `string` +| Version defines the desired Kubernetes version. +This field is meant to be optionally used by bootstrap providers. + +|=== +=== .spec.template.spec.bootstrap +Description:: ++ +-- +Bootstrap is a reference to a local struct which encapsulates +fields to configure the Machine’s bootstrapping mechanism. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `configRef` +| `object` +| ConfigRef is a reference to a bootstrap provider-specific resource +that holds configuration details. The reference is optional to +allow users/operators to specify Bootstrap.DataSecretName without +the need of a controller. + +| `dataSecretName` +| `string` +| DataSecretName is the name of the secret that stores the bootstrap data script. +If nil, the Machine should remain in the Pending state. + +|=== +=== .spec.template.spec.bootstrap.configRef +Description:: ++ +-- +ConfigRef is a reference to a bootstrap provider-specific resource +that holds configuration details. The reference is optional to +allow users/operators to specify Bootstrap.DataSecretName without +the need of a controller. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.template.spec.infrastructureRef +Description:: ++ +-- +InfrastructureRef is a required reference to a custom resource +offered by an infrastructure provider. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .status +Description:: ++ +-- +MachinePoolStatus defines the observed state of MachinePool. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `availableReplicas` +| `integer` +| The number of available replicas (ready for at least minReadySeconds) for this MachinePool. + +| `bootstrapReady` +| `boolean` +| BootstrapReady is the state of the bootstrap provider. + +| `conditions` +| `array` +| Conditions define the current service state of the MachinePool. + +| `conditions[]` +| `object` +| Condition defines an observation of a Cluster API resource operational state. + +| `failureMessage` +| `string` +| FailureMessage indicates that there is a problem reconciling the state, +and will be set to a descriptive error message. + +| `failureReason` +| `string` +| FailureReason indicates that there is a problem reconciling the state, and +will be set to a token value suitable for programmatic interpretation. + +| `infrastructureReady` +| `boolean` +| InfrastructureReady is the state of the infrastructure provider. + +| `nodeRefs` +| `array` +| NodeRefs will point to the corresponding Nodes if it they exist. + +| `nodeRefs[]` +| `object` +| ObjectReference contains enough information to let you inspect or modify the referred object. +--- +New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. + 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. + 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular + restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". + Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. + 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple + and the version of the actual struct is irrelevant. + 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. + + +Instead of using this type, create a locally provided and used type that is well-focused on your reference. +For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . + +| `observedGeneration` +| `integer` +| ObservedGeneration is the latest generation observed by the controller. + +| `phase` +| `string` +| Phase represents the current phase of cluster actuation. +E.g. Pending, Running, Terminating, Failed etc. + +| `readyReplicas` +| `integer` +| The number of ready replicas for this MachinePool. A machine is considered ready when the node has been created and is "Ready". + +| `replicas` +| `integer` +| Replicas is the most recently observed number of replicas. + +| `unavailableReplicas` +| `integer` +| Total number of unavailable machine instances targeted by this machine pool. +This is the total number of machine instances that are still required for +the machine pool to have 100% available capacity. They may either +be machine instances that are running but not yet available or machine instances +that still have not been created. + +|=== +=== .status.conditions +Description:: ++ +-- +Conditions define the current service state of the MachinePool. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition defines an observation of a Cluster API resource operational state. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| Last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when +the API field changed is acceptable. + +| `message` +| `string` +| A human readable message indicating details about the transition. +This field may be empty. + +| `reason` +| `string` +| The reason for the condition's last transition in CamelCase. +The specific API may choose whether or not this field is considered a guaranteed API. +This field may not be empty. + +| `severity` +| `string` +| Severity provides an explicit classification of Reason code, so the users or machines can immediately +understand the current situation and act accordingly. +The Severity field MUST be set only when Status=False. + +| `status` +| `string` +| Status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| Type of condition in CamelCase or in foo.example.com/CamelCase. +Many .condition.type values are consistent across resources like Available, but because arbitrary conditions +can be useful (see .node.status.conditions), the ability to deconflict is important. + +|=== +=== .status.nodeRefs +Description:: ++ +-- +NodeRefs will point to the corresponding Nodes if it they exist. +-- + +Type:: + `array` + + + + +=== .status.nodeRefs[] +Description:: ++ +-- +ObjectReference contains enough information to let you inspect or modify the referred object. +--- +New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. + 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. + 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular + restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". + Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. + 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple + and the version of the actual struct is irrelevant. + 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. + + +Instead of using this type, create a locally provided and used type that is well-focused on your reference. +For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/cluster.x-k8s.io/v1beta1/machinepools` +- `GET`: list objects of kind MachinePool +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinepools` +- `DELETE`: delete collection of MachinePool +- `GET`: list objects of kind MachinePool +- `POST`: create a MachinePool +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinepools/{name}` +- `DELETE`: delete a MachinePool +- `GET`: read the specified MachinePool +- `PATCH`: partially update the specified MachinePool +- `PUT`: replace the specified MachinePool +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinepools/{name}/scale` +- `GET`: read scale of the specified MachinePool +- `PATCH`: partially update scale of the specified MachinePool +- `PUT`: replace scale of the specified MachinePool +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinepools/{name}/status` +- `GET`: read status of the specified MachinePool +- `PATCH`: partially update status of the specified MachinePool +- `PUT`: replace status of the specified MachinePool + + +=== /apis/cluster.x-k8s.io/v1beta1/machinepools + + + +HTTP method:: + `GET` + +Description:: + list objects of kind MachinePool + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.v1beta1.MachinePoolList[`MachinePoolList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinepools + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of MachinePool + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind MachinePool + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.v1beta1.MachinePoolList[`MachinePoolList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a MachinePool + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc#machinepool-cluster-x-k8s-io-v1beta1[`MachinePool`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc#machinepool-cluster-x-k8s-io-v1beta1[`MachinePool`] schema +| 201 - Created +| xref:../cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc#machinepool-cluster-x-k8s-io-v1beta1[`MachinePool`] schema +| 202 - Accepted +| xref:../cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc#machinepool-cluster-x-k8s-io-v1beta1[`MachinePool`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinepools/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachinePool +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a MachinePool + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified MachinePool + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc#machinepool-cluster-x-k8s-io-v1beta1[`MachinePool`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified MachinePool + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc#machinepool-cluster-x-k8s-io-v1beta1[`MachinePool`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified MachinePool + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc#machinepool-cluster-x-k8s-io-v1beta1[`MachinePool`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc#machinepool-cluster-x-k8s-io-v1beta1[`MachinePool`] schema +| 201 - Created +| xref:../cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc#machinepool-cluster-x-k8s-io-v1beta1[`MachinePool`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinepools/{name}/scale + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachinePool +|=== + + +HTTP method:: + `GET` + +Description:: + read scale of the specified MachinePool + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update scale of the specified MachinePool + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace scale of the specified MachinePool + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema +| 201 - Created +| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinepools/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachinePool +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified MachinePool + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc#machinepool-cluster-x-k8s-io-v1beta1[`MachinePool`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified MachinePool + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc#machinepool-cluster-x-k8s-io-v1beta1[`MachinePool`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified MachinePool + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc#machinepool-cluster-x-k8s-io-v1beta1[`MachinePool`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc#machinepool-cluster-x-k8s-io-v1beta1[`MachinePool`] schema +| 201 - Created +| xref:../cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc#machinepool-cluster-x-k8s-io-v1beta1[`MachinePool`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc b/rest_api/cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..610afed700 --- /dev/null +++ b/rest_api/cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc @@ -0,0 +1,1110 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="machineset-cluster-x-k8s-io-v1beta1"] += MachineSet [cluster.x-k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +MachineSet is the Schema for the machinesets API. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| MachineSetSpec defines the desired state of MachineSet. + +| `status` +| `object` +| MachineSetStatus defines the observed state of MachineSet. + +|=== +=== .spec +Description:: ++ +-- +MachineSetSpec defines the desired state of MachineSet. +-- + +Type:: + `object` + +Required:: + - `clusterName` + - `selector` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `clusterName` +| `string` +| ClusterName is the name of the Cluster this object belongs to. + +| `deletePolicy` +| `string` +| DeletePolicy defines the policy used to identify nodes to delete when downscaling. +Defaults to "Random". Valid values are "Random, "Newest", "Oldest" + +| `minReadySeconds` +| `integer` +| MinReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. +Defaults to 0 (machine will be considered available as soon as the Node is ready) + +| `replicas` +| `integer` +| Replicas is the number of desired replicas. +This is a pointer to distinguish between explicit zero and unspecified. + + +Defaults to: +* if the Kubernetes autoscaler min size and max size annotations are set: + - if it's a new MachineSet, use min size + - if the replicas field of the old MachineSet is < min size, use min size + - if the replicas field of the old MachineSet is > max size, use max size + - if the replicas field of the old MachineSet is in the (min size, max size) range, keep the value from the oldMS +* otherwise use 1 +Note: Defaulting will be run whenever the replicas field is not set: +* A new MachineSet is created with replicas not set. +* On an existing MachineSet the replicas field was first set and is now unset. +Those cases are especially relevant for the following Kubernetes autoscaler use cases: +* A new MachineSet is created and replicas should be managed by the autoscaler +* An existing MachineSet which initially wasn't controlled by the autoscaler + should be later controlled by the autoscaler + +| `selector` +| `object` +| Selector is a label query over machines that should match the replica count. +Label keys and values that must match in order to be controlled by this MachineSet. +It must match the machine template's labels. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + +| `template` +| `object` +| Template is the object that describes the machine that will be created if +insufficient replicas are detected. +Object references to custom resources are treated as templates. + +|=== +=== .spec.selector +Description:: ++ +-- +Selector is a label query over machines that should match the replica count. +Label keys and values that must match in order to be controlled by this MachineSet. +It must match the machine template's labels. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `matchExpressions` +| `array` +| matchExpressions is a list of label selector requirements. The requirements are ANDed. + +| `matchExpressions[]` +| `object` +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + +| `matchLabels` +| `object (string)` +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. + +|=== +=== .spec.selector.matchExpressions +Description:: ++ +-- +matchExpressions is a list of label selector requirements. The requirements are ANDed. +-- + +Type:: + `array` + + + + +=== .spec.selector.matchExpressions[] +Description:: ++ +-- +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. +-- + +Type:: + `object` + +Required:: + - `key` + - `operator` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| key is the label key that the selector applies to. + +| `operator` +| `string` +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. + +| `values` +| `array (string)` +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. + +|=== +=== .spec.template +Description:: ++ +-- +Template is the object that describes the machine that will be created if +insufficient replicas are detected. +Object references to custom resources are treated as templates. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `metadata` +| `object` +| Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| Specification of the desired behavior of the machine. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + +|=== +=== .spec.template.metadata +Description:: ++ +-- +Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `annotations` +| `object (string)` +| Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations + +| `labels` +| `object (string)` +| Map of string keys and values that can be used to organize and categorize +(scope and select) objects. May match selectors of replication controllers +and services. +More info: http://kubernetes.io/docs/user-guide/labels + +|=== +=== .spec.template.spec +Description:: ++ +-- +Specification of the desired behavior of the machine. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +-- + +Type:: + `object` + +Required:: + - `bootstrap` + - `clusterName` + - `infrastructureRef` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `bootstrap` +| `object` +| Bootstrap is a reference to a local struct which encapsulates +fields to configure the Machine’s bootstrapping mechanism. + +| `clusterName` +| `string` +| ClusterName is the name of the Cluster this object belongs to. + +| `failureDomain` +| `string` +| FailureDomain is the failure domain the machine will be created in. +Must match a key in the FailureDomains map stored on the cluster object. + +| `infrastructureRef` +| `object` +| InfrastructureRef is a required reference to a custom resource +offered by an infrastructure provider. + +| `nodeDeletionTimeout` +| `string` +| NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine +hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. +Defaults to 10 seconds. + +| `nodeDrainTimeout` +| `string` +| NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. +The default value is 0, meaning that the node can be drained without any time limitations. +NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + +| `nodeVolumeDetachTimeout` +| `string` +| NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes +to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. + +| `providerID` +| `string` +| ProviderID is the identification ID of the machine provided by the provider. +This field must match the provider ID as seen on the node object corresponding to this machine. +This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler +with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out +machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a +generic out-of-tree provider for autoscaler, this field is required by autoscaler to be +able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver +and then a comparison is done to find out unregistered machines and are marked for delete. +This field will be set by the actuators and consumed by higher level entities like autoscaler that will +be interfacing with cluster-api as generic provider. + +| `version` +| `string` +| Version defines the desired Kubernetes version. +This field is meant to be optionally used by bootstrap providers. + +|=== +=== .spec.template.spec.bootstrap +Description:: ++ +-- +Bootstrap is a reference to a local struct which encapsulates +fields to configure the Machine’s bootstrapping mechanism. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `configRef` +| `object` +| ConfigRef is a reference to a bootstrap provider-specific resource +that holds configuration details. The reference is optional to +allow users/operators to specify Bootstrap.DataSecretName without +the need of a controller. + +| `dataSecretName` +| `string` +| DataSecretName is the name of the secret that stores the bootstrap data script. +If nil, the Machine should remain in the Pending state. + +|=== +=== .spec.template.spec.bootstrap.configRef +Description:: ++ +-- +ConfigRef is a reference to a bootstrap provider-specific resource +that holds configuration details. The reference is optional to +allow users/operators to specify Bootstrap.DataSecretName without +the need of a controller. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .spec.template.spec.infrastructureRef +Description:: ++ +-- +InfrastructureRef is a required reference to a custom resource +offered by an infrastructure provider. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| API version of the referent. + +| `fieldPath` +| `string` +| If referring to a piece of an object instead of an entire object, this string +should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. +For example, if the object reference is to a container within a pod, this would take on a value like: +"spec.containers{name}" (where "name" refers to the name of the container that triggered +the event) or if no container name is specified "spec.containers[2]" (container with +index 2 in this pod). This syntax is chosen only to have some well-defined way of +referencing a part of an object. +TODO: this design is not final and this field is subject to change in the future. + +| `kind` +| `string` +| Kind of the referent. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `name` +| `string` +| Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + +| `namespace` +| `string` +| Namespace of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +| `resourceVersion` +| `string` +| Specific resourceVersion to which this reference is made, if any. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + +| `uid` +| `string` +| UID of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + +|=== +=== .status +Description:: ++ +-- +MachineSetStatus defines the observed state of MachineSet. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `availableReplicas` +| `integer` +| The number of available replicas (ready for at least minReadySeconds) for this MachineSet. + +| `conditions` +| `array` +| Conditions defines current service state of the MachineSet. + +| `conditions[]` +| `object` +| Condition defines an observation of a Cluster API resource operational state. + +| `failureMessage` +| `string` +| + +| `failureReason` +| `string` +| In the event that there is a terminal problem reconciling the +replicas, both FailureReason and FailureMessage will be set. FailureReason +will be populated with a succinct value suitable for machine +interpretation, while FailureMessage will contain a more verbose +string suitable for logging and human consumption. + + +These fields should not be set for transitive errors that a +controller faces that are expected to be fixed automatically over +time (like service outages), but instead indicate that something is +fundamentally wrong with the MachineTemplate's spec or the configuration of +the machine controller, and that manual intervention is required. Examples +of terminal errors would be invalid combinations of settings in the +spec, values that are unsupported by the machine controller, or the +responsible machine controller itself being critically misconfigured. + + +Any transient errors that occur during the reconciliation of Machines +can be added as events to the MachineSet object and/or logged in the +controller's output. + +| `fullyLabeledReplicas` +| `integer` +| The number of replicas that have labels matching the labels of the machine template of the MachineSet. + +| `observedGeneration` +| `integer` +| ObservedGeneration reflects the generation of the most recently observed MachineSet. + +| `readyReplicas` +| `integer` +| The number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is "Ready". + +| `replicas` +| `integer` +| Replicas is the most recently observed number of replicas. + +| `selector` +| `string` +| Selector is the same as the label selector but in the string format to avoid introspection +by clients. The string will be in the same format as the query-param syntax. +More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors + +|=== +=== .status.conditions +Description:: ++ +-- +Conditions defines current service state of the MachineSet. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition defines an observation of a Cluster API resource operational state. +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| Last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when +the API field changed is acceptable. + +| `message` +| `string` +| A human readable message indicating details about the transition. +This field may be empty. + +| `reason` +| `string` +| The reason for the condition's last transition in CamelCase. +The specific API may choose whether or not this field is considered a guaranteed API. +This field may not be empty. + +| `severity` +| `string` +| Severity provides an explicit classification of Reason code, so the users or machines can immediately +understand the current situation and act accordingly. +The Severity field MUST be set only when Status=False. + +| `status` +| `string` +| Status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| Type of condition in CamelCase or in foo.example.com/CamelCase. +Many .condition.type values are consistent across resources like Available, but because arbitrary conditions +can be useful (see .node.status.conditions), the ability to deconflict is important. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/cluster.x-k8s.io/v1beta1/machinesets` +- `GET`: list objects of kind MachineSet +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinesets` +- `DELETE`: delete collection of MachineSet +- `GET`: list objects of kind MachineSet +- `POST`: create a MachineSet +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinesets/{name}` +- `DELETE`: delete a MachineSet +- `GET`: read the specified MachineSet +- `PATCH`: partially update the specified MachineSet +- `PUT`: replace the specified MachineSet +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinesets/{name}/scale` +- `GET`: read scale of the specified MachineSet +- `PATCH`: partially update scale of the specified MachineSet +- `PUT`: replace scale of the specified MachineSet +* `/apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinesets/{name}/status` +- `GET`: read status of the specified MachineSet +- `PATCH`: partially update status of the specified MachineSet +- `PUT`: replace status of the specified MachineSet + + +=== /apis/cluster.x-k8s.io/v1beta1/machinesets + + + +HTTP method:: + `GET` + +Description:: + list objects of kind MachineSet + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.v1beta1.MachineSetList[`MachineSetList`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinesets + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of MachineSet + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind MachineSet + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.x-k8s.cluster.v1beta1.MachineSetList[`MachineSetList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a MachineSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc#machineset-cluster-x-k8s-io-v1beta1[`MachineSet`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc#machineset-cluster-x-k8s-io-v1beta1[`MachineSet`] schema +| 201 - Created +| xref:../cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc#machineset-cluster-x-k8s-io-v1beta1[`MachineSet`] schema +| 202 - Accepted +| xref:../cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc#machineset-cluster-x-k8s-io-v1beta1[`MachineSet`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinesets/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachineSet +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a MachineSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified MachineSet + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc#machineset-cluster-x-k8s-io-v1beta1[`MachineSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified MachineSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc#machineset-cluster-x-k8s-io-v1beta1[`MachineSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified MachineSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc#machineset-cluster-x-k8s-io-v1beta1[`MachineSet`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc#machineset-cluster-x-k8s-io-v1beta1[`MachineSet`] schema +| 201 - Created +| xref:../cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc#machineset-cluster-x-k8s-io-v1beta1[`MachineSet`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinesets/{name}/scale + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachineSet +|=== + + +HTTP method:: + `GET` + +Description:: + read scale of the specified MachineSet + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update scale of the specified MachineSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace scale of the specified MachineSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema +| 201 - Created +| xref:../autoscale_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/cluster.x-k8s.io/v1beta1/namespaces/{namespace}/machinesets/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachineSet +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified MachineSet + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc#machineset-cluster-x-k8s-io-v1beta1[`MachineSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified MachineSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc#machineset-cluster-x-k8s-io-v1beta1[`MachineSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified MachineSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc#machineset-cluster-x-k8s-io-v1beta1[`MachineSet`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc#machineset-cluster-x-k8s-io-v1beta1[`MachineSet`] schema +| 201 - Created +| xref:../cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc#machineset-cluster-x-k8s-io-v1beta1[`MachineSet`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/config_apis/authentication-config-openshift-io-v1.adoc b/rest_api/config_apis/authentication-config-openshift-io-v1.adoc index 33f5f9c426..58ea90dd74 100644 --- a/rest_api/config_apis/authentication-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/authentication-config-openshift-io-v1.adoc @@ -70,6 +70,15 @@ Type:: | `object` | oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config. +| `oidcProviders` +| `array` +| OIDCProviders are OIDC identity providers that can issue tokens for this cluster Can only be set if "Type" is set to "OIDC". + At most one provider can be configured. + +| `oidcProviders[]` +| `object` +| + | `serviceAccountIssuer` | `string` | serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption. @@ -115,6 +124,390 @@ Required:: | `string` | name is the metadata.name of the referenced config map +|=== +=== .spec.oidcProviders +Description:: ++ +-- +OIDCProviders are OIDC identity providers that can issue tokens for this cluster Can only be set if "Type" is set to "OIDC". + At most one provider can be configured. +-- + +Type:: + `array` + + + + +=== .spec.oidcProviders[] +Description:: ++ +-- + +-- + +Type:: + `object` + +Required:: + - `issuer` + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `claimMappings` +| `object` +| ClaimMappings describes rules on how to transform information from an ID token into a cluster identity + +| `claimValidationRules` +| `array` +| ClaimValidationRules are rules that are applied to validate token claims to authenticate users. + +| `claimValidationRules[]` +| `object` +| + +| `issuer` +| `object` +| Issuer describes atributes of the OIDC token issuer + +| `name` +| `string` +| Name of the OIDC provider + +| `oidcClients` +| `array` +| OIDCClients contains configuration for the platform's clients that need to request tokens from the issuer + +| `oidcClients[]` +| `object` +| + +|=== +=== .spec.oidcProviders[].claimMappings +Description:: ++ +-- +ClaimMappings describes rules on how to transform information from an ID token into a cluster identity +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `groups` +| `object` +| Groups is a name of the claim that should be used to construct groups for the cluster identity. The referenced claim must use array of strings values. + +| `username` +| `object` +| Username is a name of the claim that should be used to construct usernames for the cluster identity. + Default value: "sub" + +|=== +=== .spec.oidcProviders[].claimMappings.groups +Description:: ++ +-- +Groups is a name of the claim that should be used to construct groups for the cluster identity. The referenced claim must use array of strings values. +-- + +Type:: + `object` + +Required:: + - `claim` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `claim` +| `string` +| Claim is a JWT token claim to be used in the mapping + +| `prefix` +| `string` +| Prefix is a string to prefix the value from the token in the result of the claim mapping. + By default, no prefixing occurs. + Example: if `prefix` is set to "myoidc:"" and the `claim` in JWT contains an array of strings "a", "b" and "c", the mapping will result in an array of string "myoidc:a", "myoidc:b" and "myoidc:c". + +|=== +=== .spec.oidcProviders[].claimMappings.username +Description:: ++ +-- +Username is a name of the claim that should be used to construct usernames for the cluster identity. + Default value: "sub" +-- + +Type:: + `object` + +Required:: + - `claim` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `claim` +| `string` +| Claim is a JWT token claim to be used in the mapping + +| `prefix` +| `object` +| + +| `prefixPolicy` +| `string` +| PrefixPolicy specifies how a prefix should apply. + By default, claims other than `email` will be prefixed with the issuer URL to prevent naming clashes with other plugins. + Set to "NoPrefix" to disable prefixing. + Example: (1) `prefix` is set to "myoidc:" and `claim` is set to "username". If the JWT claim `username` contains value `userA`, the resulting mapped value will be "myoidc:userA". (2) `prefix` is set to "myoidc:" and `claim` is set to "email". If the JWT `email` claim contains value "userA@myoidc.tld", the resulting mapped value will be "myoidc:userA@myoidc.tld". (3) `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`, the JWT claims include "username":"userA" and "email":"userA@myoidc.tld", and `claim` is set to: (a) "username": the mapped value will be "https://myoidc.tld#userA" (b) "email": the mapped value will be "userA@myoidc.tld" + +|=== +=== .spec.oidcProviders[].claimMappings.username.prefix +Description:: ++ +-- + +-- + +Type:: + `object` + +Required:: + - `prefixString` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `prefixString` +| `string` +| + +|=== +=== .spec.oidcProviders[].claimValidationRules +Description:: ++ +-- +ClaimValidationRules are rules that are applied to validate token claims to authenticate users. +-- + +Type:: + `array` + + + + +=== .spec.oidcProviders[].claimValidationRules[] +Description:: ++ +-- + +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `requiredClaim` +| `object` +| RequiredClaim allows configuring a required claim name and its expected value + +| `type` +| `string` +| Type sets the type of the validation rule + +|=== +=== .spec.oidcProviders[].claimValidationRules[].requiredClaim +Description:: ++ +-- +RequiredClaim allows configuring a required claim name and its expected value +-- + +Type:: + `object` + +Required:: + - `claim` + - `requiredValue` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `claim` +| `string` +| Claim is a name of a required claim. Only claims with string values are supported. + +| `requiredValue` +| `string` +| RequiredValue is the required value for the claim. + +|=== +=== .spec.oidcProviders[].issuer +Description:: ++ +-- +Issuer describes atributes of the OIDC token issuer +-- + +Type:: + `object` + +Required:: + - `audiences` + - `issuerURL` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `audiences` +| `array (string)` +| Audiences is an array of audiences that the token was issued for. Valid tokens must include at least one of these values in their "aud" claim. Must be set to exactly one value. + +| `issuerCertificateAuthority` +| `object` +| CertificateAuthority is a reference to a config map in the configuration namespace. The .data of the configMap must contain the "ca-bundle.crt" key. If unset, system trust is used instead. + +| `issuerURL` +| `string` +| URL is the serving URL of the token issuer. Must use the https:// scheme. + +|=== +=== .spec.oidcProviders[].issuer.issuerCertificateAuthority +Description:: ++ +-- +CertificateAuthority is a reference to a config map in the configuration namespace. The .data of the configMap must contain the "ca-bundle.crt" key. If unset, system trust is used instead. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is the metadata.name of the referenced config map + +|=== +=== .spec.oidcProviders[].oidcClients +Description:: ++ +-- +OIDCClients contains configuration for the platform's clients that need to request tokens from the issuer +-- + +Type:: + `array` + + + + +=== .spec.oidcProviders[].oidcClients[] +Description:: ++ +-- + +-- + +Type:: + `object` + +Required:: + - `clientID` + - `componentName` + - `componentNamespace` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `clientID` +| `string` +| ClientID is the identifier of the OIDC client from the OIDC provider + +| `clientSecret` +| `object` +| ClientSecret refers to a secret in the `openshift-config` namespace that contains the client secret in the `clientSecret` key of the `.data` field + +| `componentName` +| `string` +| ComponentName is the name of the component that is supposed to consume this client configuration + +| `componentNamespace` +| `string` +| ComponentNamespace is the namespace of the component that is supposed to consume this client configuration + +| `extraScopes` +| `array (string)` +| ExtraScopes is an optional set of scopes to request tokens with. + +|=== +=== .spec.oidcProviders[].oidcClients[].clientSecret +Description:: ++ +-- +ClientSecret refers to a secret in the `openshift-config` namespace that contains the client secret in the `clientSecret` key of the `.data` field +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is the metadata.name of the referenced secret + |=== === .spec.webhookTokenAuthenticator Description:: @@ -251,6 +644,14 @@ Type:: | `object` | integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed. +| `oidcClients` +| `array` +| OIDCClients is where participating operators place the current OIDC client status for OIDC clients that can be customized by the cluster-admin. + +| `oidcClients[]` +| `object` +| + |=== === .status.integratedOAuthMetadata Description:: @@ -275,6 +676,184 @@ Required:: | `string` | name is the metadata.name of the referenced config map +|=== +=== .status.oidcClients +Description:: ++ +-- +OIDCClients is where participating operators place the current OIDC client status for OIDC clients that can be customized by the cluster-admin. +-- + +Type:: + `array` + + + + +=== .status.oidcClients[] +Description:: ++ +-- + +-- + +Type:: + `object` + +Required:: + - `componentName` + - `componentNamespace` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `componentName` +| `string` +| ComponentName is the name of the component that will consume a client configuration. + +| `componentNamespace` +| `string` +| ComponentNamespace is the namespace of the component that will consume a client configuration. + +| `conditions` +| `array` +| Conditions are used to communicate the state of the `oidcClients` entry. + Supported conditions include Available, Degraded and Progressing. + If Available is true, the component is successfully using the configured client. If Degraded is true, that means something has gone wrong trying to handle the client configuration. If Progressing is true, that means the component is taking some action related to the `oidcClients` entry. + +| `conditions[]` +| `object` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } + +| `consumingUsers` +| `array (string)` +| ConsumingUsers is a slice of ServiceAccounts that need to have read permission on the `clientSecret` secret. + +| `currentOIDCClients` +| `array` +| CurrentOIDCClients is a list of clients that the component is currently using. + +| `currentOIDCClients[]` +| `object` +| + +|=== +=== .status.oidcClients[].conditions +Description:: ++ +-- +Conditions are used to communicate the state of the `oidcClients` entry. + Supported conditions include Available, Degraded and Progressing. + If Available is true, the component is successfully using the configured client. If Degraded is true, that means something has gone wrong trying to handle the client configuration. If Progressing is true, that means the component is taking some action related to the `oidcClients` entry. +-- + +Type:: + `array` + + + + +=== .status.oidcClients[].conditions[] +Description:: ++ +-- +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `message` + - `reason` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + +| `message` +| `string` +| message is a human readable message indicating details about the transition. This may be an empty string. + +| `observedGeneration` +| `integer` +| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + +| `reason` +| `string` +| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + +| `status` +| `string` +| status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + +|=== +=== .status.oidcClients[].currentOIDCClients +Description:: ++ +-- +CurrentOIDCClients is a list of clients that the component is currently using. +-- + +Type:: + `array` + + + + +=== .status.oidcClients[].currentOIDCClients[] +Description:: ++ +-- + +-- + +Type:: + `object` + +Required:: + - `clientID` + - `issuerURL` + - `oidcProviderName` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `clientID` +| `string` +| ClientID is the identifier of the OIDC client from the OIDC provider + +| `issuerURL` +| `string` +| URL is the serving URL of the token issuer. Must use the https:// scheme. + +| `oidcProviderName` +| `string` +| OIDCName refers to the `name` of the provider from `oidcProviders` + |=== == API endpoints diff --git a/rest_api/config_apis/backup-config-openshift-io-v1alpha1.adoc b/rest_api/config_apis/backup-config-openshift-io-v1alpha1.adoc new file mode 100644 index 0000000000..d13006f4a4 --- /dev/null +++ b/rest_api/config_apis/backup-config-openshift-io-v1alpha1.adoc @@ -0,0 +1,540 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="backup-config-openshift-io-v1alpha1"] += Backup [config.openshift.io/v1alpha1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +Backup provides configuration for performing backups of the openshift cluster. + Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + +Type:: + `object` + +Required:: + - `spec` + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| spec holds user settable values for configuration + +| `status` +| `object` +| status holds observed values from the cluster. They may not be overridden. + +|=== +=== .spec +Description:: ++ +-- +spec holds user settable values for configuration +-- + +Type:: + `object` + +Required:: + - `etcd` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `etcd` +| `object` +| etcd specifies the configuration for periodic backups of the etcd cluster + +|=== +=== .spec.etcd +Description:: ++ +-- +etcd specifies the configuration for periodic backups of the etcd cluster +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `pvcName` +| `string` +| PVCName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the etcd backup files would be saved The PVC itself must always be created in the "openshift-etcd" namespace If the PVC is left unspecified "" then the platform will choose a reasonable default location to save the backup. In the future this would be backups saved across the control-plane master nodes. + +| `retentionPolicy` +| `object` +| RetentionPolicy defines the retention policy for retaining and deleting existing backups. + +| `schedule` +| `string` +| Schedule defines the recurring backup schedule in Cron format every 2 hours: 0 */2 * * * every day at 3am: 0 3 * * * Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is "no backups", but will change in the future. + +| `timeZone` +| `string` +| The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will default to the time zone of the kube-controller-manager process. See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones + +|=== +=== .spec.etcd.retentionPolicy +Description:: ++ +-- +RetentionPolicy defines the retention policy for retaining and deleting existing backups. +-- + +Type:: + `object` + +Required:: + - `retentionType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `retentionNumber` +| `object` +| RetentionNumber configures the retention policy based on the number of backups + +| `retentionSize` +| `object` +| RetentionSize configures the retention policy based on the size of backups + +| `retentionType` +| `string` +| RetentionType sets the type of retention policy. Currently, the only valid policies are retention by number of backups (RetentionNumber), by the size of backups (RetentionSize). More policies or types may be added in the future. Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is RetentionNumber with 15 backups kept. + +|=== +=== .spec.etcd.retentionPolicy.retentionNumber +Description:: ++ +-- +RetentionNumber configures the retention policy based on the number of backups +-- + +Type:: + `object` + +Required:: + - `maxNumberOfBackups` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `maxNumberOfBackups` +| `integer` +| MaxNumberOfBackups defines the maximum number of backups to retain. If the existing number of backups saved is equal to MaxNumberOfBackups then the oldest backup will be removed before a new backup is initiated. + +|=== +=== .spec.etcd.retentionPolicy.retentionSize +Description:: ++ +-- +RetentionSize configures the retention policy based on the size of backups +-- + +Type:: + `object` + +Required:: + - `maxSizeOfBackupsGb` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `maxSizeOfBackupsGb` +| `integer` +| MaxSizeOfBackupsGb defines the total size in GB of backups to retain. If the current total size backups exceeds MaxSizeOfBackupsGb then the oldest backup will be removed before a new backup is initiated. + +|=== +=== .status +Description:: ++ +-- +status holds observed values from the cluster. They may not be overridden. +-- + +Type:: + `object` + + + + + +== API endpoints + +The following API endpoints are available: + +* `/apis/config.openshift.io/v1alpha1/backups` +- `DELETE`: delete collection of Backup +- `GET`: list objects of kind Backup +- `POST`: create a Backup +* `/apis/config.openshift.io/v1alpha1/backups/{name}` +- `DELETE`: delete a Backup +- `GET`: read the specified Backup +- `PATCH`: partially update the specified Backup +- `PUT`: replace the specified Backup +* `/apis/config.openshift.io/v1alpha1/backups/{name}/status` +- `GET`: read status of the specified Backup +- `PATCH`: partially update status of the specified Backup +- `PUT`: replace status of the specified Backup + + +=== /apis/config.openshift.io/v1alpha1/backups + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of Backup + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind Backup + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.openshift.config.v1alpha1.BackupList[`BackupList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a Backup + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../config_apis/backup-config-openshift-io-v1alpha1.adoc#backup-config-openshift-io-v1alpha1[`Backup`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/backup-config-openshift-io-v1alpha1.adoc#backup-config-openshift-io-v1alpha1[`Backup`] schema +| 201 - Created +| xref:../config_apis/backup-config-openshift-io-v1alpha1.adoc#backup-config-openshift-io-v1alpha1[`Backup`] schema +| 202 - Accepted +| xref:../config_apis/backup-config-openshift-io-v1alpha1.adoc#backup-config-openshift-io-v1alpha1[`Backup`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/config.openshift.io/v1alpha1/backups/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the Backup +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a Backup + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified Backup + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/backup-config-openshift-io-v1alpha1.adoc#backup-config-openshift-io-v1alpha1[`Backup`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified Backup + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/backup-config-openshift-io-v1alpha1.adoc#backup-config-openshift-io-v1alpha1[`Backup`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified Backup + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../config_apis/backup-config-openshift-io-v1alpha1.adoc#backup-config-openshift-io-v1alpha1[`Backup`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/backup-config-openshift-io-v1alpha1.adoc#backup-config-openshift-io-v1alpha1[`Backup`] schema +| 201 - Created +| xref:../config_apis/backup-config-openshift-io-v1alpha1.adoc#backup-config-openshift-io-v1alpha1[`Backup`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/config.openshift.io/v1alpha1/backups/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the Backup +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified Backup + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/backup-config-openshift-io-v1alpha1.adoc#backup-config-openshift-io-v1alpha1[`Backup`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified Backup + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/backup-config-openshift-io-v1alpha1.adoc#backup-config-openshift-io-v1alpha1[`Backup`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified Backup + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../config_apis/backup-config-openshift-io-v1alpha1.adoc#backup-config-openshift-io-v1alpha1[`Backup`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/backup-config-openshift-io-v1alpha1.adoc#backup-config-openshift-io-v1alpha1[`Backup`] schema +| 201 - Created +| xref:../config_apis/backup-config-openshift-io-v1alpha1.adoc#backup-config-openshift-io-v1alpha1[`Backup`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/config_apis/build-config-openshift-io-v1.adoc b/rest_api/config_apis/build-config-openshift-io-v1.adoc index 6e448ee8e8..bafd65d6dd 100644 --- a/rest_api/config_apis/build-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/build-config-openshift-io-v1.adoc @@ -321,7 +321,7 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -413,7 +413,7 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` diff --git a/rest_api/config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc b/rest_api/config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc new file mode 100644 index 0000000000..d0dfc9a999 --- /dev/null +++ b/rest_api/config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc @@ -0,0 +1,745 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="clusterimagepolicy-config-openshift-io-v1alpha1"] += ClusterImagePolicy [config.openshift.io/v1alpha1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +ClusterImagePolicy holds cluster-wide configuration for image signature verification + Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + +Type:: + `object` + +Required:: + - `spec` + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| spec contains the configuration for the cluster image policy. + +| `status` +| `object` +| status contains the observed state of the resource. + +|=== +=== .spec +Description:: ++ +-- +spec contains the configuration for the cluster image policy. +-- + +Type:: + `object` + +Required:: + - `policy` + - `scopes` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `policy` +| `object` +| policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated. + +| `scopes` +| `array (string)` +| scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the "Docker Registry HTTP API V2". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker + +|=== +=== .spec.policy +Description:: ++ +-- +policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated. +-- + +Type:: + `object` + +Required:: + - `rootOfTrust` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `rootOfTrust` +| `object` +| rootOfTrust specifies the root of trust for the policy. + +| `signedIdentity` +| `object` +| signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is "MatchRepoDigestOrExact". + +|=== +=== .spec.policy.rootOfTrust +Description:: ++ +-- +rootOfTrust specifies the root of trust for the policy. +-- + +Type:: + `object` + +Required:: + - `policyType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `fulcioCAWithRekor` +| `object` +| fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor + +| `policyType` +| `string` +| policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. "PublicKey" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. "FulcioCAWithRekor" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. + +| `publicKey` +| `object` +| publicKey defines the root of trust based on a sigstore public key. + +|=== +=== .spec.policy.rootOfTrust.fulcioCAWithRekor +Description:: ++ +-- +fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor +-- + +Type:: + `object` + +Required:: + - `fulcioCAData` + - `fulcioSubject` + - `rekorKeyData` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `fulcioCAData` +| `string` +| fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters. + +| `fulcioSubject` +| `object` +| fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration. + +| `rekorKeyData` +| `string` +| rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters. + +|=== +=== .spec.policy.rootOfTrust.fulcioCAWithRekor.fulcioSubject +Description:: ++ +-- +fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration. +-- + +Type:: + `object` + +Required:: + - `oidcIssuer` + - `signedEmail` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `oidcIssuer` +| `string` +| oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: "https://expected.OIDC.issuer/" + +| `signedEmail` +| `string` +| signedEmail holds the email address the the Fulcio certificate is issued for. Example: "expected-signing-user@example.com" + +|=== +=== .spec.policy.rootOfTrust.publicKey +Description:: ++ +-- +publicKey defines the root of trust based on a sigstore public key. +-- + +Type:: + `object` + +Required:: + - `keyData` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `keyData` +| `string` +| keyData contains inline base64-encoded data for the PEM format public key. KeyData must be at most 8192 characters. + +| `rekorKeyData` +| `string` +| rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters. + +|=== +=== .spec.policy.signedIdentity +Description:: ++ +-- +signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is "MatchRepoDigestOrExact". +-- + +Type:: + `object` + +Required:: + - `matchPolicy` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `exactRepository` +| `object` +| exactRepository is required if matchPolicy is set to "ExactRepository". + +| `matchPolicy` +| `string` +| matchPolicy sets the type of matching to be used. Valid values are "MatchRepoDigestOrExact", "MatchRepository", "ExactRepository", "RemapIdentity". When omitted, the default value is "MatchRepoDigestOrExact". If set matchPolicy to ExactRepository, then the exactRepository must be specified. If set matchPolicy to RemapIdentity, then the remapIdentity must be specified. "MatchRepoDigestOrExact" means that the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. "MatchRepository" means that the identity in the signature must be in the same repository as the image identity. "ExactRepository" means that the identity in the signature must be in the same repository as a specific identity specified by "repository". "RemapIdentity" means that the signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the "prefix" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix. + +| `remapIdentity` +| `object` +| remapIdentity is required if matchPolicy is set to "RemapIdentity". + +|=== +=== .spec.policy.signedIdentity.exactRepository +Description:: ++ +-- +exactRepository is required if matchPolicy is set to "ExactRepository". +-- + +Type:: + `object` + +Required:: + - `repository` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `repository` +| `string` +| repository is the reference of the image identity to be matched. The value should be a repository name (by omitting the tag or digest) in a registry implementing the "Docker Registry HTTP API V2". For example, docker.io/library/busybox + +|=== +=== .spec.policy.signedIdentity.remapIdentity +Description:: ++ +-- +remapIdentity is required if matchPolicy is set to "RemapIdentity". +-- + +Type:: + `object` + +Required:: + - `prefix` + - `signedPrefix` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `prefix` +| `string` +| prefix is the prefix of the image identity to be matched. If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). This useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox. + +| `signedPrefix` +| `string` +| signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as "prefix". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox. + +|=== +=== .status +Description:: ++ +-- +status contains the observed state of the resource. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| conditions provide details on the status of this API Resource. + +| `conditions[]` +| `object` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } + +|=== +=== .status.conditions +Description:: ++ +-- +conditions provide details on the status of this API Resource. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `message` + - `reason` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + +| `message` +| `string` +| message is a human readable message indicating details about the transition. This may be an empty string. + +| `observedGeneration` +| `integer` +| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + +| `reason` +| `string` +| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + +| `status` +| `string` +| status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/config.openshift.io/v1alpha1/clusterimagepolicies` +- `DELETE`: delete collection of ClusterImagePolicy +- `GET`: list objects of kind ClusterImagePolicy +- `POST`: create a ClusterImagePolicy +* `/apis/config.openshift.io/v1alpha1/clusterimagepolicies/{name}` +- `DELETE`: delete a ClusterImagePolicy +- `GET`: read the specified ClusterImagePolicy +- `PATCH`: partially update the specified ClusterImagePolicy +- `PUT`: replace the specified ClusterImagePolicy +* `/apis/config.openshift.io/v1alpha1/clusterimagepolicies/{name}/status` +- `GET`: read status of the specified ClusterImagePolicy +- `PATCH`: partially update status of the specified ClusterImagePolicy +- `PUT`: replace status of the specified ClusterImagePolicy + + +=== /apis/config.openshift.io/v1alpha1/clusterimagepolicies + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of ClusterImagePolicy + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind ClusterImagePolicy + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.openshift.config.v1alpha1.ClusterImagePolicyList[`ClusterImagePolicyList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a ClusterImagePolicy + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc#clusterimagepolicy-config-openshift-io-v1alpha1[`ClusterImagePolicy`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc#clusterimagepolicy-config-openshift-io-v1alpha1[`ClusterImagePolicy`] schema +| 201 - Created +| xref:../config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc#clusterimagepolicy-config-openshift-io-v1alpha1[`ClusterImagePolicy`] schema +| 202 - Accepted +| xref:../config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc#clusterimagepolicy-config-openshift-io-v1alpha1[`ClusterImagePolicy`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/config.openshift.io/v1alpha1/clusterimagepolicies/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ClusterImagePolicy +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a ClusterImagePolicy + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified ClusterImagePolicy + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc#clusterimagepolicy-config-openshift-io-v1alpha1[`ClusterImagePolicy`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified ClusterImagePolicy + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc#clusterimagepolicy-config-openshift-io-v1alpha1[`ClusterImagePolicy`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified ClusterImagePolicy + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc#clusterimagepolicy-config-openshift-io-v1alpha1[`ClusterImagePolicy`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc#clusterimagepolicy-config-openshift-io-v1alpha1[`ClusterImagePolicy`] schema +| 201 - Created +| xref:../config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc#clusterimagepolicy-config-openshift-io-v1alpha1[`ClusterImagePolicy`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/config.openshift.io/v1alpha1/clusterimagepolicies/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ClusterImagePolicy +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified ClusterImagePolicy + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc#clusterimagepolicy-config-openshift-io-v1alpha1[`ClusterImagePolicy`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified ClusterImagePolicy + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc#clusterimagepolicy-config-openshift-io-v1alpha1[`ClusterImagePolicy`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified ClusterImagePolicy + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc#clusterimagepolicy-config-openshift-io-v1alpha1[`ClusterImagePolicy`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc#clusterimagepolicy-config-openshift-io-v1alpha1[`ClusterImagePolicy`] schema +| 201 - Created +| xref:../config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc#clusterimagepolicy-config-openshift-io-v1alpha1[`ClusterImagePolicy`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc b/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc index 12094621a4..d09fd0bb76 100644 --- a/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc @@ -94,6 +94,16 @@ Required:: | `object` | ComponentOverride allows overriding cluster version operator's behavior for a component. +| `signatureStores` +| `array` +| signatureStores contains the upstream URIs to verify release signatures and optional reference to a config map by name containing the PEM-encoded CA bundle. + By default, CVO will use existing signature stores if this property is empty. The CVO will check the release signatures in the local ConfigMaps first. It will search for a valid signature in these stores in parallel only when local ConfigMaps did not include a valid signature. Validation will fail if none of the signature stores reply with valid signature before timeout. Setting signatureStores will replace the default signature stores with custom signature stores. Default stores can be used with custom signature stores by adding them manually. + A maximum of 32 signature stores may be configured. + +| `signatureStores[]` +| `object` +| SignatureStore represents the URL of custom Signature Store + | `upstream` | `string` | upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region. @@ -217,6 +227,73 @@ Required:: | `boolean` | unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false +|=== +=== .spec.signatureStores +Description:: ++ +-- +signatureStores contains the upstream URIs to verify release signatures and optional reference to a config map by name containing the PEM-encoded CA bundle. + By default, CVO will use existing signature stores if this property is empty. The CVO will check the release signatures in the local ConfigMaps first. It will search for a valid signature in these stores in parallel only when local ConfigMaps did not include a valid signature. Validation will fail if none of the signature stores reply with valid signature before timeout. Setting signatureStores will replace the default signature stores with custom signature stores. Default stores can be used with custom signature stores by adding them manually. + A maximum of 32 signature stores may be configured. +-- + +Type:: + `array` + + + + +=== .spec.signatureStores[] +Description:: ++ +-- +SignatureStore represents the URL of custom Signature Store +-- + +Type:: + `object` + +Required:: + - `url` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `ca` +| `object` +| ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the signature store is not honored. If the specified ca data is not valid, the signature store is not honored. If empty, we fall back to the CA configured via Proxy, which is appended to the default system roots. The namespace for this config map is openshift-config. + +| `url` +| `string` +| url contains the upstream custom signature store URL. url should be a valid absolute http/https URI of an upstream signature store as per rfc1738. This must be provided and cannot be empty. + +|=== +=== .spec.signatureStores[].ca +Description:: ++ +-- +ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the signature store is not honored. If the specified ca data is not valid, the signature store is not honored. If empty, we fall back to the CA configured via Proxy, which is appended to the default system roots. The namespace for this config map is openshift-config. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is the metadata.name of the referenced config map + |=== === .status Description:: diff --git a/rest_api/config_apis/config-apis-index.adoc b/rest_api/config_apis/config-apis-index.adoc index 84ed12d576..4fe25f375c 100644 --- a/rest_api/config_apis/config-apis-index.adoc +++ b/rest_api/config_apis/config-apis-index.adoc @@ -28,6 +28,18 @@ Authentication specifies cluster-wide settings for authentication (like OAuth an Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -- +Type:: + `object` + +== Backup [config.openshift.io/v1alpha1] + +Description:: ++ +-- +Backup provides configuration for performing backups of the openshift cluster. + Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + Type:: `object` @@ -41,6 +53,18 @@ Build configures the behavior of OpenShift builds for the entire cluster. This i Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -- +Type:: + `object` + +== ClusterImagePolicy [config.openshift.io/v1alpha1] + +Description:: ++ +-- +ClusterImagePolicy holds cluster-wide configuration for image signature verification + Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + Type:: `object` @@ -161,6 +185,18 @@ ImageTagMirrorSet holds cluster-wide information about how to handle registry mi Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -- +Type:: + `object` + +== InsightsDataGather [config.openshift.io/v1alpha1] + +Description:: ++ +-- +InsightsDataGather provides data gather configuration options for the the Insights Operator. + Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + Type:: `object` diff --git a/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc b/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc index 12b453d198..677fee1d59 100644 --- a/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc @@ -1620,6 +1620,10 @@ Type:: |=== | Property | Type | Description +| `cloudLoadBalancerConfig` +| `` +| cloudLoadBalancerConfig is a union that contains the IP addresses of API, API-Int and Ingress Load Balancers created on the cloud platform. These values would not be populated on on-prem platforms. These Load Balancer IPs are used to configure the in-cluster DNS instances for API, API-Int and Ingress services. `dnsType` is expected to be set to `ClusterHosted` when these Load Balancer IP addresses are populated and used. + | `projectID` | `string` | resourceGroupName is the Project ID for new GCP resources created for the cluster. @@ -1628,6 +1632,111 @@ Type:: | `string` | region holds the region for new GCP resources created for the cluster. +| `resourceLabels` +| `array` +| resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration. + +| `resourceLabels[]` +| `object` +| GCPResourceLabel is a label to apply to GCP resources created for the cluster. + +| `resourceTags` +| `array` +| resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource. + +| `resourceTags[]` +| `object` +| GCPResourceTag is a tag to apply to GCP resources created for the cluster. + +|=== +=== .status.platformStatus.gcp.resourceLabels +Description:: ++ +-- +resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration. +-- + +Type:: + `array` + + + + +=== .status.platformStatus.gcp.resourceLabels[] +Description:: ++ +-- +GCPResourceLabel is a label to apply to GCP resources created for the cluster. +-- + +Type:: + `object` + +Required:: + - `key` + - `value` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`. + +| `value` +| `string` +| value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`. + +|=== +=== .status.platformStatus.gcp.resourceTags +Description:: ++ +-- +resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource. +-- + +Type:: + `array` + + + + +=== .status.platformStatus.gcp.resourceTags[] +Description:: ++ +-- +GCPResourceTag is a tag to apply to GCP resources created for the cluster. +-- + +Type:: + `object` + +Required:: + - `key` + - `parentID` + - `value` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`. + +| `parentID` +| `string` +| parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen. + +| `value` +| `string` +| value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces. + |=== === .status.platformStatus.ibmcloud Description:: @@ -1710,7 +1819,7 @@ Required:: | `name` | `string` -| name is the name of the IBM Cloud service. Possible values are: CIS, COS, DNSServices, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com` +| name is the name of the IBM Cloud service. Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com` | `url` | `string` diff --git a/rest_api/config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc b/rest_api/config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc new file mode 100644 index 0000000000..e25640e44a --- /dev/null +++ b/rest_api/config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc @@ -0,0 +1,450 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="insightsdatagather-config-openshift-io-v1alpha1"] += InsightsDataGather [config.openshift.io/v1alpha1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +InsightsDataGather provides data gather configuration options for the the Insights Operator. + Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + +Type:: + `object` + +Required:: + - `spec` + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| spec holds user settable values for configuration + +| `status` +| `object` +| status holds observed values from the cluster. They may not be overridden. + +|=== +=== .spec +Description:: ++ +-- +spec holds user settable values for configuration +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `gatherConfig` +| `object` +| gatherConfig spec attribute includes all the configuration options related to gathering of the Insights data and its uploading to the ingress. + +|=== +=== .spec.gatherConfig +Description:: ++ +-- +gatherConfig spec attribute includes all the configuration options related to gathering of the Insights data and its uploading to the ingress. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `dataPolicy` +| `string` +| dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are "None" and "ObfuscateNetworking". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is None. + +| `disabledGatherers` +| `array (string)` +| disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing "all" value. If all the gatherers are disabled, the Insights operator does not gather any data. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: "oc get insightsoperators.operator.openshift.io cluster -o json \| jq '.status.gatherStatus.gatherers[].name'" An example of disabling gatherers looks like this: `disabledGatherers: ["clusterconfig/machine_configs", "workloads/workload_info"]` + +|=== +=== .status +Description:: ++ +-- +status holds observed values from the cluster. They may not be overridden. +-- + +Type:: + `object` + + + + + +== API endpoints + +The following API endpoints are available: + +* `/apis/config.openshift.io/v1alpha1/insightsdatagathers` +- `DELETE`: delete collection of InsightsDataGather +- `GET`: list objects of kind InsightsDataGather +- `POST`: create an InsightsDataGather +* `/apis/config.openshift.io/v1alpha1/insightsdatagathers/{name}` +- `DELETE`: delete an InsightsDataGather +- `GET`: read the specified InsightsDataGather +- `PATCH`: partially update the specified InsightsDataGather +- `PUT`: replace the specified InsightsDataGather +* `/apis/config.openshift.io/v1alpha1/insightsdatagathers/{name}/status` +- `GET`: read status of the specified InsightsDataGather +- `PATCH`: partially update status of the specified InsightsDataGather +- `PUT`: replace status of the specified InsightsDataGather + + +=== /apis/config.openshift.io/v1alpha1/insightsdatagathers + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of InsightsDataGather + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind InsightsDataGather + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.openshift.config.v1alpha1.InsightsDataGatherList[`InsightsDataGatherList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create an InsightsDataGather + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc#insightsdatagather-config-openshift-io-v1alpha1[`InsightsDataGather`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc#insightsdatagather-config-openshift-io-v1alpha1[`InsightsDataGather`] schema +| 201 - Created +| xref:../config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc#insightsdatagather-config-openshift-io-v1alpha1[`InsightsDataGather`] schema +| 202 - Accepted +| xref:../config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc#insightsdatagather-config-openshift-io-v1alpha1[`InsightsDataGather`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/config.openshift.io/v1alpha1/insightsdatagathers/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the InsightsDataGather +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete an InsightsDataGather + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified InsightsDataGather + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc#insightsdatagather-config-openshift-io-v1alpha1[`InsightsDataGather`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified InsightsDataGather + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc#insightsdatagather-config-openshift-io-v1alpha1[`InsightsDataGather`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified InsightsDataGather + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc#insightsdatagather-config-openshift-io-v1alpha1[`InsightsDataGather`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc#insightsdatagather-config-openshift-io-v1alpha1[`InsightsDataGather`] schema +| 201 - Created +| xref:../config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc#insightsdatagather-config-openshift-io-v1alpha1[`InsightsDataGather`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/config.openshift.io/v1alpha1/insightsdatagathers/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the InsightsDataGather +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified InsightsDataGather + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc#insightsdatagather-config-openshift-io-v1alpha1[`InsightsDataGather`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified InsightsDataGather + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc#insightsdatagather-config-openshift-io-v1alpha1[`InsightsDataGather`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified InsightsDataGather + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc#insightsdatagather-config-openshift-io-v1alpha1[`InsightsDataGather`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc#insightsdatagather-config-openshift-io-v1alpha1[`InsightsDataGather`] schema +| 201 - Created +| xref:../config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc#insightsdatagather-config-openshift-io-v1alpha1[`InsightsDataGather`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/config_apis/scheduler-config-openshift-io-v1.adoc b/rest_api/config_apis/scheduler-config-openshift-io-v1.adoc index 22d8c41880..7c0c2a1175 100644 --- a/rest_api/config_apis/scheduler-config-openshift-io-v1.adoc +++ b/rest_api/config_apis/scheduler-config-openshift-io-v1.adoc @@ -83,6 +83,10 @@ Type:: | profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods. Valid values are "LowNodeUtilization", "HighNodeUtilization", "NoScoring" Defaults to "LowNodeUtilization" +| `profileCustomizations` +| `object` +| profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles. + |=== === .spec.policy Description:: @@ -107,6 +111,28 @@ Required:: | `string` | name is the metadata.name of the referenced config map +|=== +=== .spec.profileCustomizations +Description:: ++ +-- +profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `dynamicResourceAllocation` +| `string` +| dynamicResourceAllocation allows to enable or disable dynamic resource allocation within the scheduler. Dynamic resource allocation is an API for requesting and sharing resources between pods and containers inside a pod. Third-party resource drivers are responsible for tracking and allocating resources. Different kinds of resources support arbitrary parameters for defining requirements and initialization. Valid values are Enabled, Disabled and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Disabled. + |=== === .status Description:: diff --git a/rest_api/console_apis/consolequickstart-console-openshift-io-v1.adoc b/rest_api/console_apis/consolequickstart-console-openshift-io-v1.adoc index 6e5d5bf175..a8a09effe3 100644 --- a/rest_api/console_apis/consolequickstart-console-openshift-io-v1.adoc +++ b/rest_api/console_apis/consolequickstart-console-openshift-io-v1.adoc @@ -285,7 +285,7 @@ Required:: | `success` | `string` -| success describes the successfully passed task. +| success describes the succesfully passed task. |=== diff --git a/rest_api/extension_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc b/rest_api/extension_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc index 1c6231fdad..eab4722330 100644 --- a/rest_api/extension_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc +++ b/rest_api/extension_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc @@ -336,6 +336,14 @@ Required:: | `object` | CustomResourceValidation is a list of validation methods for CustomResources. +| `selectableFields` +| `array` +| selectableFields specifies paths to fields that may be used as field selectors. A maximum of 8 selectable fields are allowed. See https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors + +| `selectableFields[]` +| `object` +| SelectableField specifies the JSON path of a field that may be used with field selectors. + | `served` | `boolean` | served is a flag enabling/disabling this version from being served via REST APIs @@ -429,6 +437,43 @@ Type:: | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[``] | openAPIV3Schema is the OpenAPI v3 schema to use for validation and pruning. +|=== +=== .spec.versions[].selectableFields +Description:: ++ +-- +selectableFields specifies paths to fields that may be used as field selectors. A maximum of 8 selectable fields are allowed. See https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors +-- + +Type:: + `array` + + + + +=== .spec.versions[].selectableFields[] +Description:: ++ +-- +SelectableField specifies the JSON path of a field that may be used with field selectors. +-- + +Type:: + `object` + +Required:: + - `jsonPath` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `jsonPath` +| `string` +| jsonPath is a simple JSON path which is evaluated against each custom resource to produce a field selector value. Only JSON paths without the array notation are allowed. Must point to a field of type string, boolean or integer. Types with enum values and strings with formats are allowed. If jsonPath refers to absent field in a resource, the jsonPath evaluates to an empty string. Must not point to metdata fields. Required. + |=== === .spec.versions[].subresources Description:: diff --git a/rest_api/extension_apis/extension-apis-index.adoc b/rest_api/extension_apis/extension-apis-index.adoc index 39835f6fd5..b1e76ce1c3 100644 --- a/rest_api/extension_apis/extension-apis-index.adoc +++ b/rest_api/extension_apis/extension-apis-index.adoc @@ -37,6 +37,32 @@ Description:: MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object. -- +Type:: + `object` + +== ValidatingAdmissionPolicy [admissionregistration.k8s.io/v1] + +Description:: ++ +-- +ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it. +-- + +Type:: + `object` + +== ValidatingAdmissionPolicyBinding [admissionregistration.k8s.io/v1] + +Description:: ++ +-- +ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters. + +For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding. + +The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget. +-- + Type:: `object` diff --git a/rest_api/extension_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc b/rest_api/extension_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc index 7caeaf6b66..1f5bfdccfa 100644 --- a/rest_api/extension_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc +++ b/rest_api/extension_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc @@ -108,8 +108,6 @@ The exact matching logic is (in order): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped -This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate. - | `matchConditions[]` | `object` | MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. @@ -296,8 +294,6 @@ The exact matching logic is (in order): 3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped - -This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate. -- Type:: diff --git a/rest_api/extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc b/rest_api/extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc new file mode 100644 index 0000000000..a7467d6650 --- /dev/null +++ b/rest_api/extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc @@ -0,0 +1,1098 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="validatingadmissionpolicy-admissionregistration-k8s-io-v1"] += ValidatingAdmissionPolicy [admissionregistration.k8s.io/v1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. + +| `spec` +| `object` +| ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy. + +| `status` +| `object` +| ValidatingAdmissionPolicyStatus represents the status of an admission validation policy. + +|=== +=== .spec +Description:: ++ +-- +ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `auditAnnotations` +| `array` +| auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required. + +| `auditAnnotations[]` +| `object` +| AuditAnnotation describes how to produce an audit annotation for an API request. + +| `failurePolicy` +| `string` +| failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings. + +A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource. + +failurePolicy does not define how validations that evaluate to false are handled. + +When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced. + +Allowed values are Ignore or Fail. Defaults to Fail. + +Possible enum values: + - `"Fail"` means that an error calling the webhook causes the admission to fail. + - `"Ignore"` means that an error calling the webhook is ignored. + +| `matchConditions` +| `array` +| MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed. + +If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions. + +The exact matching logic is (in order): + 1. If ANY matchCondition evaluates to FALSE, the policy is skipped. + 2. If ALL matchConditions evaluate to TRUE, the policy is evaluated. + 3. If any matchCondition evaluates to an error (but none are FALSE): + - If failurePolicy=Fail, reject the request + - If failurePolicy=Ignore, the policy is skipped + +| `matchConditions[]` +| `object` +| MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. + +| `matchConstraints` +| `object` +| MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded) + +| `paramKind` +| `object` +| ParamKind is a tuple of Group Kind and Version. + +| `validations` +| `array` +| Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required. + +| `validations[]` +| `object` +| Validation specifies the CEL expression which is used to apply the validation. + +| `variables` +| `array` +| Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy. + +The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic. + +| `variables[]` +| `object` +| Variable is the definition of a variable that is used for composition. A variable is defined as a named expression. + +|=== +=== .spec.auditAnnotations +Description:: ++ +-- +auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required. +-- + +Type:: + `array` + + + + +=== .spec.auditAnnotations[] +Description:: ++ +-- +AuditAnnotation describes how to produce an audit annotation for an API request. +-- + +Type:: + `object` + +Required:: + - `key` + - `valueExpression` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `key` +| `string` +| key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length. + +The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}". + +If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded. + +Required. + +| `valueExpression` +| `string` +| valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb. + +If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list. + +Required. + +|=== +=== .spec.matchConditions +Description:: ++ +-- +MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed. + +If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions. + +The exact matching logic is (in order): + 1. If ANY matchCondition evaluates to FALSE, the policy is skipped. + 2. If ALL matchConditions evaluate to TRUE, the policy is evaluated. + 3. If any matchCondition evaluates to an error (but none are FALSE): + - If failurePolicy=Fail, reject the request + - If failurePolicy=Ignore, the policy is skipped +-- + +Type:: + `array` + + + + +=== .spec.matchConditions[] +Description:: ++ +-- +MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. +-- + +Type:: + `object` + +Required:: + - `name` + - `expression` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `expression` +| `string` +| Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: + +'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. + See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz +'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the + request resource. +Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ + +Required. + +| `name` +| `string` +| Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') + +Required. + +|=== +=== .spec.matchConstraints +Description:: ++ +-- +MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded) +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `excludeResourceRules` +| `array` +| ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded) + +| `excludeResourceRules[]` +| `object` +| NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames. + +| `matchPolicy` +| `string` +| matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent". + +- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy. + +- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy. + +Defaults to "Equivalent" + +Possible enum values: + - `"Equivalent"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version. + - `"Exact"` means requests should only be sent to the webhook if they exactly match a given rule. + +| `namespaceSelector` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`] +| NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy. + +For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": { + "matchExpressions": [ + { + "key": "runlevel", + "operator": "NotIn", + "values": [ + "0", + "1" + ] + } + ] +} + +If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": { + "matchExpressions": [ + { + "key": "environment", + "operator": "In", + "values": [ + "prod", + "staging" + ] + } + ] +} + +See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors. + +Default to the empty LabelSelector, which matches everything. + +| `objectSelector` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`] +| ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything. + +| `resourceRules` +| `array` +| ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule. + +| `resourceRules[]` +| `object` +| NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames. + +|=== +=== .spec.matchConstraints.excludeResourceRules +Description:: ++ +-- +ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded) +-- + +Type:: + `array` + + + + +=== .spec.matchConstraints.excludeResourceRules[] +Description:: ++ +-- +NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiGroups` +| `array (string)` +| APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + +| `apiVersions` +| `array (string)` +| APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required. + +| `operations` +| `array (string)` +| Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required. + +| `resourceNames` +| `array (string)` +| ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. + +| `resources` +| `array (string)` +| Resources is a list of resources this rule applies to. + +For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources. + +If wildcard is present, the validation rule will ensure resources do not overlap with each other. + +Depending on the enclosing object, subresources might not be allowed. Required. + +| `scope` +| `string` +| scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*". + +|=== +=== .spec.matchConstraints.resourceRules +Description:: ++ +-- +ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule. +-- + +Type:: + `array` + + + + +=== .spec.matchConstraints.resourceRules[] +Description:: ++ +-- +NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiGroups` +| `array (string)` +| APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + +| `apiVersions` +| `array (string)` +| APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required. + +| `operations` +| `array (string)` +| Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required. + +| `resourceNames` +| `array (string)` +| ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. + +| `resources` +| `array (string)` +| Resources is a list of resources this rule applies to. + +For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources. + +If wildcard is present, the validation rule will ensure resources do not overlap with each other. + +Depending on the enclosing object, subresources might not be allowed. Required. + +| `scope` +| `string` +| scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*". + +|=== +=== .spec.paramKind +Description:: ++ +-- +ParamKind is a tuple of Group Kind and Version. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion is the API group version the resources belong to. In format of "group/version". Required. + +| `kind` +| `string` +| Kind is the API kind the resources belong to. Required. + +|=== +=== .spec.validations +Description:: ++ +-- +Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required. +-- + +Type:: + `array` + + + + +=== .spec.validations[] +Description:: ++ +-- +Validation specifies the CEL expression which is used to apply the validation. +-- + +Type:: + `object` + +Required:: + - `expression` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `expression` +| `string` +| Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables: + +- 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value. + For example, a variable named 'foo' can be accessed as 'variables.foo'. +- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. + See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz +- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the + request resource. + +The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible. + +Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are: + "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if", + "import", "let", "loop", "package", "namespace", "return". +Examples: + - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"} + - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"} + - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"} + +Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type: + - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and + non-intersecting elements in `Y` are appended, retaining their partial order. + - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values + are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with + non-intersecting keys are appended, retaining their partial order. +Required. + +| `message` +| `string` +| Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is "failed Expression: {Expression}". + +| `messageExpression` +| `string` +| messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: "object.x must be less than max ("+string(params.max)+")" + +| `reason` +| `string` +| Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge". If not set, StatusReasonInvalid is used in the response to the client. + +|=== +=== .spec.variables +Description:: ++ +-- +Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy. + +The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic. +-- + +Type:: + `array` + + + + +=== .spec.variables[] +Description:: ++ +-- +Variable is the definition of a variable that is used for composition. A variable is defined as a named expression. +-- + +Type:: + `object` + +Required:: + - `name` + - `expression` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `expression` +| `string` +| Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation. + +| `name` +| `string` +| Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo` + +|=== +=== .status +Description:: ++ +-- +ValidatingAdmissionPolicyStatus represents the status of an admission validation policy. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Condition[`array (Condition)`] +| The conditions represent the latest available observations of a policy's current state. + +| `observedGeneration` +| `integer` +| The generation observed by the controller. + +| `typeChecking` +| `object` +| TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy + +|=== +=== .status.typeChecking +Description:: ++ +-- +TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `expressionWarnings` +| `array` +| The type checking warnings for each expression. + +| `expressionWarnings[]` +| `object` +| ExpressionWarning is a warning information that targets a specific expression. + +|=== +=== .status.typeChecking.expressionWarnings +Description:: ++ +-- +The type checking warnings for each expression. +-- + +Type:: + `array` + + + + +=== .status.typeChecking.expressionWarnings[] +Description:: ++ +-- +ExpressionWarning is a warning information that targets a specific expression. +-- + +Type:: + `object` + +Required:: + - `fieldRef` + - `warning` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `fieldRef` +| `string` +| The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is "spec.validations[0].expression" + +| `warning` +| `string` +| The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/admissionregistration.k8s.io/v1/validatingadmissionpolicies` +- `DELETE`: delete collection of ValidatingAdmissionPolicy +- `GET`: list or watch objects of kind ValidatingAdmissionPolicy +- `POST`: create a ValidatingAdmissionPolicy +* `/apis/admissionregistration.k8s.io/v1/watch/validatingadmissionpolicies` +- `GET`: watch individual changes to a list of ValidatingAdmissionPolicy. deprecated: use the 'watch' parameter with a list operation instead. +* `/apis/admissionregistration.k8s.io/v1/validatingadmissionpolicies/{name}` +- `DELETE`: delete a ValidatingAdmissionPolicy +- `GET`: read the specified ValidatingAdmissionPolicy +- `PATCH`: partially update the specified ValidatingAdmissionPolicy +- `PUT`: replace the specified ValidatingAdmissionPolicy +* `/apis/admissionregistration.k8s.io/v1/watch/validatingadmissionpolicies/{name}` +- `GET`: watch changes to an object of kind ValidatingAdmissionPolicy. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter. +* `/apis/admissionregistration.k8s.io/v1/validatingadmissionpolicies/{name}/status` +- `GET`: read status of the specified ValidatingAdmissionPolicy +- `PATCH`: partially update status of the specified ValidatingAdmissionPolicy +- `PUT`: replace status of the specified ValidatingAdmissionPolicy + + +=== /apis/admissionregistration.k8s.io/v1/validatingadmissionpolicies + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of ValidatingAdmissionPolicy + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list or watch objects of kind ValidatingAdmissionPolicy + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyList[`ValidatingAdmissionPolicyList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a ValidatingAdmissionPolicy + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| 201 - Created +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| 202 - Accepted +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/admissionregistration.k8s.io/v1/watch/validatingadmissionpolicies + + + +HTTP method:: + `GET` + +Description:: + watch individual changes to a list of ValidatingAdmissionPolicy. deprecated: use the 'watch' parameter with a list operation instead. + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/admissionregistration.k8s.io/v1/validatingadmissionpolicies/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ValidatingAdmissionPolicy +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a ValidatingAdmissionPolicy + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified ValidatingAdmissionPolicy + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified ValidatingAdmissionPolicy + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| 201 - Created +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified ValidatingAdmissionPolicy + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| 201 - Created +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/admissionregistration.k8s.io/v1/watch/validatingadmissionpolicies/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ValidatingAdmissionPolicy +|=== + + +HTTP method:: + `GET` + +Description:: + watch changes to an object of kind ValidatingAdmissionPolicy. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter. + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/admissionregistration.k8s.io/v1/validatingadmissionpolicies/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ValidatingAdmissionPolicy +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified ValidatingAdmissionPolicy + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified ValidatingAdmissionPolicy + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| 201 - Created +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified ValidatingAdmissionPolicy + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| 201 - Created +| xref:../extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicy`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/extension_apis/validatingadmissionpolicybinding-admissionregistration-k8s-io-v1.adoc b/rest_api/extension_apis/validatingadmissionpolicybinding-admissionregistration-k8s-io-v1.adoc new file mode 100644 index 0000000000..2d3da13da5 --- /dev/null +++ b/rest_api/extension_apis/validatingadmissionpolicybinding-admissionregistration-k8s-io-v1.adoc @@ -0,0 +1,656 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="validatingadmissionpolicybinding-admissionregistration-k8s-io-v1"] += ValidatingAdmissionPolicyBinding [admissionregistration.k8s.io/v1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters. + +For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding. + +The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. + +| `spec` +| `object` +| ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding. + +|=== +=== .spec +Description:: ++ +-- +ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `matchResources` +| `object` +| MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded) + +| `paramRef` +| `object` +| ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding. + +| `policyName` +| `string` +| PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required. + +| `validationActions` +| `array (string)` +| validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions. + +Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy. + +validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action. + +The supported actions values are: + +"Deny" specifies that a validation failure results in a denied request. + +"Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses. + +"Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"` + +Clients should expect to handle additional values by ignoring any values not recognized. + +"Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers. + +Required. + +|=== +=== .spec.matchResources +Description:: ++ +-- +MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded) +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `excludeResourceRules` +| `array` +| ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded) + +| `excludeResourceRules[]` +| `object` +| NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames. + +| `matchPolicy` +| `string` +| matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent". + +- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy. + +- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy. + +Defaults to "Equivalent" + +Possible enum values: + - `"Equivalent"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version. + - `"Exact"` means requests should only be sent to the webhook if they exactly match a given rule. + +| `namespaceSelector` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`] +| NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy. + +For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": { + "matchExpressions": [ + { + "key": "runlevel", + "operator": "NotIn", + "values": [ + "0", + "1" + ] + } + ] +} + +If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": { + "matchExpressions": [ + { + "key": "environment", + "operator": "In", + "values": [ + "prod", + "staging" + ] + } + ] +} + +See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors. + +Default to the empty LabelSelector, which matches everything. + +| `objectSelector` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`] +| ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything. + +| `resourceRules` +| `array` +| ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule. + +| `resourceRules[]` +| `object` +| NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames. + +|=== +=== .spec.matchResources.excludeResourceRules +Description:: ++ +-- +ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded) +-- + +Type:: + `array` + + + + +=== .spec.matchResources.excludeResourceRules[] +Description:: ++ +-- +NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiGroups` +| `array (string)` +| APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + +| `apiVersions` +| `array (string)` +| APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required. + +| `operations` +| `array (string)` +| Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required. + +| `resourceNames` +| `array (string)` +| ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. + +| `resources` +| `array (string)` +| Resources is a list of resources this rule applies to. + +For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources. + +If wildcard is present, the validation rule will ensure resources do not overlap with each other. + +Depending on the enclosing object, subresources might not be allowed. Required. + +| `scope` +| `string` +| scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*". + +|=== +=== .spec.matchResources.resourceRules +Description:: ++ +-- +ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule. +-- + +Type:: + `array` + + + + +=== .spec.matchResources.resourceRules[] +Description:: ++ +-- +NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiGroups` +| `array (string)` +| APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + +| `apiVersions` +| `array (string)` +| APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required. + +| `operations` +| `array (string)` +| Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required. + +| `resourceNames` +| `array (string)` +| ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. + +| `resources` +| `array (string)` +| Resources is a list of resources this rule applies to. + +For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources. + +If wildcard is present, the validation rule will ensure resources do not overlap with each other. + +Depending on the enclosing object, subresources might not be allowed. Required. + +| `scope` +| `string` +| scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*". + +|=== +=== .spec.paramRef +Description:: ++ +-- +ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is the name of the resource being referenced. + +One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset. + +A single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped. + +| `namespace` +| `string` +| namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields. + +A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty. + +- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error. + +- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error. + +| `parameterNotFoundAction` +| `string` +| `parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy. + +Allowed values are `Allow` or `Deny` + +Required + +| `selector` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`] +| selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind. + +If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together. + +One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/admissionregistration.k8s.io/v1/validatingadmissionpolicybindings` +- `DELETE`: delete collection of ValidatingAdmissionPolicyBinding +- `GET`: list or watch objects of kind ValidatingAdmissionPolicyBinding +- `POST`: create a ValidatingAdmissionPolicyBinding +* `/apis/admissionregistration.k8s.io/v1/watch/validatingadmissionpolicybindings` +- `GET`: watch individual changes to a list of ValidatingAdmissionPolicyBinding. deprecated: use the 'watch' parameter with a list operation instead. +* `/apis/admissionregistration.k8s.io/v1/validatingadmissionpolicybindings/{name}` +- `DELETE`: delete a ValidatingAdmissionPolicyBinding +- `GET`: read the specified ValidatingAdmissionPolicyBinding +- `PATCH`: partially update the specified ValidatingAdmissionPolicyBinding +- `PUT`: replace the specified ValidatingAdmissionPolicyBinding +* `/apis/admissionregistration.k8s.io/v1/watch/validatingadmissionpolicybindings/{name}` +- `GET`: watch changes to an object of kind ValidatingAdmissionPolicyBinding. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter. + + +=== /apis/admissionregistration.k8s.io/v1/validatingadmissionpolicybindings + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of ValidatingAdmissionPolicyBinding + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list or watch objects of kind ValidatingAdmissionPolicyBinding + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingList[`ValidatingAdmissionPolicyBindingList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a ValidatingAdmissionPolicyBinding + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../extension_apis/validatingadmissionpolicybinding-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicybinding-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicyBinding`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../extension_apis/validatingadmissionpolicybinding-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicybinding-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicyBinding`] schema +| 201 - Created +| xref:../extension_apis/validatingadmissionpolicybinding-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicybinding-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicyBinding`] schema +| 202 - Accepted +| xref:../extension_apis/validatingadmissionpolicybinding-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicybinding-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicyBinding`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/admissionregistration.k8s.io/v1/watch/validatingadmissionpolicybindings + + + +HTTP method:: + `GET` + +Description:: + watch individual changes to a list of ValidatingAdmissionPolicyBinding. deprecated: use the 'watch' parameter with a list operation instead. + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/admissionregistration.k8s.io/v1/validatingadmissionpolicybindings/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ValidatingAdmissionPolicyBinding +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a ValidatingAdmissionPolicyBinding + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified ValidatingAdmissionPolicyBinding + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../extension_apis/validatingadmissionpolicybinding-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicybinding-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicyBinding`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified ValidatingAdmissionPolicyBinding + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../extension_apis/validatingadmissionpolicybinding-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicybinding-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicyBinding`] schema +| 201 - Created +| xref:../extension_apis/validatingadmissionpolicybinding-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicybinding-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicyBinding`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified ValidatingAdmissionPolicyBinding + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../extension_apis/validatingadmissionpolicybinding-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicybinding-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicyBinding`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../extension_apis/validatingadmissionpolicybinding-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicybinding-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicyBinding`] schema +| 201 - Created +| xref:../extension_apis/validatingadmissionpolicybinding-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicybinding-admissionregistration-k8s-io-v1[`ValidatingAdmissionPolicyBinding`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/admissionregistration.k8s.io/v1/watch/validatingadmissionpolicybindings/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the ValidatingAdmissionPolicyBinding +|=== + + +HTTP method:: + `GET` + +Description:: + watch changes to an object of kind ValidatingAdmissionPolicyBinding. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter. + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/extension_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc b/rest_api/extension_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc index 2426cb9d77..44d469b794 100644 --- a/rest_api/extension_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc +++ b/rest_api/extension_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc @@ -108,8 +108,6 @@ The exact matching logic is (in order): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped -This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate. - | `matchConditions[]` | `object` | MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. @@ -282,8 +280,6 @@ The exact matching logic is (in order): 3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped - -This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate. -- Type:: diff --git a/rest_api/image_apis/image-image-openshift-io-v1.adoc b/rest_api/image_apis/image-image-openshift-io-v1.adoc index b0da6813f9..520ffa7ef5 100644 --- a/rest_api/image_apis/image-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/image-image-openshift-io-v1.adoc @@ -80,7 +80,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signatures` @@ -274,7 +274,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signedClaims` @@ -448,7 +448,7 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status_v5[`Status_v5`] schema | 401 - Unauthorized | Empty |=== @@ -571,9 +571,9 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status_v5[`Status_v5`] schema | 202 - Accepted -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status_v5[`Status_v5`] schema | 401 - Unauthorized | Empty |=== diff --git a/rest_api/image_apis/imagesignature-image-openshift-io-v1.adoc b/rest_api/image_apis/imagesignature-image-openshift-io-v1.adoc index d796710909..c304b1e714 100644 --- a/rest_api/image_apis/imagesignature-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagesignature-image-openshift-io-v1.adoc @@ -67,7 +67,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signedClaims` @@ -287,9 +287,9 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status_v5[`Status_v5`] schema | 202 - Accepted -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status_v5[`Status_v5`] schema | 401 - Unauthorized | Empty |=== diff --git a/rest_api/image_apis/imagestream-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestream-image-openshift-io-v1.adoc index e0cd0e60e9..f86e8a0953 100644 --- a/rest_api/image_apis/imagestream-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagestream-image-openshift-io-v1.adoc @@ -36,7 +36,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `spec` @@ -520,7 +520,7 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status_v5[`Status_v5`] schema | 401 - Unauthorized | Empty |=== @@ -643,9 +643,9 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status_v5[`Status_v5`] schema | 202 - Accepted -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status_v5[`Status_v5`] schema | 401 - Unauthorized | Empty |=== diff --git a/rest_api/image_apis/imagestreamimage-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreamimage-image-openshift-io-v1.adoc index 7ec7f5c78f..55efd1342f 100644 --- a/rest_api/image_apis/imagestreamimage-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagestreamimage-image-openshift-io-v1.adoc @@ -44,7 +44,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |=== @@ -120,7 +120,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signatures` @@ -314,7 +314,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signedClaims` diff --git a/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc index 352ccffcf8..f5b099c6b5 100644 --- a/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc @@ -41,7 +41,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `spec` @@ -138,7 +138,7 @@ Required:: | TagReferencePolicy describes how pull-specs for images in this image stream tag are generated when image change triggers in deployment configs or builds are resolved. This allows the image stream author to control how images are accessed. | `to` -| xref:../objects/index.adoc#io.k8s.api.core.v1.LocalObjectReference[`LocalObjectReference`] +| xref:../objects/index.adoc#io.k8s.api.core.v1.LocalObjectReference_v2[`LocalObjectReference_v2`] | To is a tag in the current image stream to assign the imported image to, if name is not specified the default tag from from.name will be used |=== @@ -371,7 +371,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). | `status` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status_v5[`Status_v5`] | Status is the status of the image import, including errors encountered while retrieving the image | `tag` @@ -451,7 +451,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signatures` @@ -645,7 +645,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signedClaims` @@ -858,7 +858,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signatures` @@ -1052,7 +1052,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signedClaims` @@ -1208,7 +1208,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `spec` @@ -1624,7 +1624,7 @@ Type:: | ImageImportStatus describes the result of an image import. | `status` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status_v5[`Status_v5`] | Status reflects whether any failure occurred during import |=== @@ -1677,7 +1677,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). | `status` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status_v5[`Status_v5`] | Status is the status of the image import, including errors encountered while retrieving the image | `tag` @@ -1757,7 +1757,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signatures` @@ -1951,7 +1951,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signedClaims` @@ -2164,7 +2164,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signatures` @@ -2358,7 +2358,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signedClaims` diff --git a/rest_api/image_apis/imagestreamlayers-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreamlayers-image-openshift-io-v1.adoc index 0c127439c7..c28ac4bcc3 100644 --- a/rest_api/image_apis/imagestreamlayers-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagestreamlayers-image-openshift-io-v1.adoc @@ -55,7 +55,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |=== diff --git a/rest_api/image_apis/imagestreammapping-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreammapping-image-openshift-io-v1.adoc index c9ac07fc00..5748741a72 100644 --- a/rest_api/image_apis/imagestreammapping-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagestreammapping-image-openshift-io-v1.adoc @@ -45,7 +45,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `tag` @@ -125,7 +125,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signatures` @@ -319,7 +319,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signedClaims` diff --git a/rest_api/image_apis/imagestreamtag-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreamtag-image-openshift-io-v1.adoc index 595e0c4c14..191c2e49db 100644 --- a/rest_api/image_apis/imagestreamtag-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagestreamtag-image-openshift-io-v1.adoc @@ -63,7 +63,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months | ImageLookupPolicy describes how an image stream can be used to override the image references used by pods, builds, and other resources in a namespace. | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `tag` @@ -202,7 +202,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signatures` @@ -396,7 +396,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signedClaims` @@ -789,9 +789,9 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status_v5[`Status_v5`] schema | 202 - Accepted -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status_v5[`Status_v5`] schema | 401 - Unauthorized | Empty |=== diff --git a/rest_api/image_apis/imagetag-image-openshift-io-v1.adoc b/rest_api/image_apis/imagetag-image-openshift-io-v1.adoc index f94302bc99..7691373a12 100644 --- a/rest_api/image_apis/imagetag-image-openshift-io-v1.adoc +++ b/rest_api/image_apis/imagetag-image-openshift-io-v1.adoc @@ -46,7 +46,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `spec` @@ -130,7 +130,7 @@ Type:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signatures` @@ -324,7 +324,7 @@ Required:: | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] | metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | `signedClaims` @@ -845,9 +845,9 @@ Description:: |=== | HTTP code | Reponse body | 200 - OK -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status_v5[`Status_v5`] schema | 202 - Accepted -| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status_v5[`Status_v5`] schema | 401 - Unauthorized | Empty |=== diff --git a/rest_api/index.adoc b/rest_api/index.adoc index a086781b1b..e4146e55af 100644 --- a/rest_api/index.adoc +++ b/rest_api/index.adoc @@ -30,6 +30,8 @@ | config.openshift.io/v1 | xref:./operator_apis/authentication-operator-openshift-io-v1.adoc#authentication-operator-openshift-io-v1[Authentication] | operator.openshift.io/v1 +| xref:./config_apis/backup-config-openshift-io-v1alpha1.adoc#backup-config-openshift-io-v1alpha1[Backup] +| config.openshift.io/v1alpha1 | xref:./provisioning_apis/baremetalhost-metal3-io-v1alpha1.adoc#baremetalhost-metal3-io-v1alpha1[BareMetalHost] | metal3.io/v1alpha1 | xref:./network_apis/baselineadminnetworkpolicy-policy-networking-k8s-io-v1alpha1.adoc#baselineadminnetworkpolicy-policy-networking-k8s-io-v1alpha1[BaselineAdminNetworkPolicy] @@ -58,14 +60,28 @@ | operator.openshift.io/v1 | xref:./network_apis/cloudprivateipconfig-cloud-network-openshift-io-v1.adoc#cloudprivateipconfig-cloud-network-openshift-io-v1[CloudPrivateIPConfig] | cloud.network.openshift.io/v1 +| xref:./cluster_apis/cluster-cluster-x-k8s-io-v1beta1.adoc#cluster-cluster-x-k8s-io-v1beta1[Cluster] +| cluster.x-k8s.io/v1beta1 | xref:./autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc#clusterautoscaler-autoscaling-openshift-io-v1[ClusterAutoscaler] | autoscaling.openshift.io/v1 +| xref:./operatorhub_apis/clustercatalog-catalogd-operatorframework-io-v1alpha1.adoc#clustercatalog-catalogd-operatorframework-io-v1alpha1[ClusterCatalog] +| catalogd.operatorframework.io/v1alpha1 +| xref:./cluster_apis/clusterclass-cluster-x-k8s-io-v1beta1.adoc#clusterclass-cluster-x-k8s-io-v1beta1[ClusterClass] +| cluster.x-k8s.io/v1beta1 | xref:./operator_apis/clustercsidriver-operator-openshift-io-v1.adoc#clustercsidriver-operator-openshift-io-v1[ClusterCSIDriver] | operator.openshift.io/v1 +| xref:./operatorhub_apis/clusterextension-olm-operatorframework-io-v1alpha1.adoc#clusterextension-olm-operatorframework-io-v1alpha1[ClusterExtension] +| olm.operatorframework.io/v1alpha1 +| xref:./config_apis/clusterimagepolicy-config-openshift-io-v1alpha1.adoc#clusterimagepolicy-config-openshift-io-v1alpha1[ClusterImagePolicy] +| config.openshift.io/v1alpha1 | xref:./config_apis/clusteroperator-config-openshift-io-v1.adoc#clusteroperator-config-openshift-io-v1[ClusterOperator] | config.openshift.io/v1 | xref:./schedule_and_quota_apis/clusterresourcequota-quota-openshift-io-v1.adoc#clusterresourcequota-quota-openshift-io-v1[ClusterResourceQuota] | quota.openshift.io/v1 +| xref:./cluster_apis/clusterresourceset-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourceset-addons-cluster-x-k8s-io-v1beta1[ClusterResourceSet] +| addons.cluster.x-k8s.io/v1beta1 +| xref:./cluster_apis/clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1.adoc#clusterresourcesetbinding-addons-cluster-x-k8s-io-v1beta1[ClusterResourceSetBinding] +| addons.cluster.x-k8s.io/v1beta1 | xref:./role_apis/clusterrole-authorization-openshift-io-v1.adoc#clusterrole-authorization-openshift-io-v1[ClusterRole] | authorization.openshift.io/v1 | xref:./rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc#clusterrole-rbac-authorization-k8s-io-v1[ClusterRole] @@ -132,6 +148,8 @@ | apiextensions.k8s.io/v1 | xref:./workloads_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[DaemonSet] | apps/v1 +| xref:./monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc#datagather-insights-openshift-io-v1alpha1[DataGather] +| insights.openshift.io/v1alpha1 | xref:./provisioning_apis/dataimage-metal3-io-v1alpha1.adoc#dataimage-metal3-io-v1alpha1[DataImage] | metal3.io/v1alpha1 | xref:./workloads_apis/deployment-apps-v1.adoc#deployment-apps-v1[Deployment] @@ -148,6 +166,8 @@ | config.openshift.io/v1 | xref:./operator_apis/dns-operator-openshift-io-v1.adoc#dns-operator-openshift-io-v1[DNS] | operator.openshift.io/v1 +| xref:./network_apis/dnsnameresolver-network-openshift-io-v1alpha1.adoc#dnsnameresolver-network-openshift-io-v1alpha1[DNSNameResolver] +| network.openshift.io/v1alpha1 | xref:./operator_apis/dnsrecord-ingress-operator-openshift-io-v1.adoc#dnsrecord-ingress-operator-openshift-io-v1[DNSRecord] | ingress.operator.openshift.io/v1 | xref:./network_apis/egressfirewall-k8s-ovn-org-v1.adoc#egressfirewall-k8s-ovn-org-v1[EgressFirewall] @@ -166,18 +186,36 @@ | discovery.k8s.io/v1 | xref:./operator_apis/etcd-operator-openshift-io-v1.adoc#etcd-operator-openshift-io-v1[Etcd] | operator.openshift.io/v1 +| xref:./operator_apis/etcdbackup-operator-openshift-io-v1alpha1.adoc#etcdbackup-operator-openshift-io-v1alpha1[EtcdBackup] +| operator.openshift.io/v1alpha1 | xref:./metadata_apis/event-v1.adoc#event-v1[Event] | v1 | xref:./metadata_apis/event-events-k8s-io-v1.adoc#event-events-k8s-io-v1[Event] | events.k8s.io/v1 | xref:./policy_apis/eviction-policy-v1.adoc#eviction-policy-v1[Eviction] | policy/v1 +| xref:./cluster_apis/extensionconfig-runtime-cluster-x-k8s-io-v1alpha1.adoc#extensionconfig-runtime-cluster-x-k8s-io-v1alpha1[ExtensionConfig] +| runtime.cluster.x-k8s.io/v1alpha1 | xref:./config_apis/featuregate-config-openshift-io-v1.adoc#featuregate-config-openshift-io-v1[FeatureGate] | config.openshift.io/v1 | xref:./provisioning_apis/firmwareschema-metal3-io-v1alpha1.adoc#firmwareschema-metal3-io-v1alpha1[FirmwareSchema] | metal3.io/v1alpha1 | xref:./schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1[FlowSchema] | flowcontrol.apiserver.k8s.io/v1 +| xref:./cluster_apis/gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpcluster-infrastructure-cluster-x-k8s-io-v1beta1[GCPCluster] +| infrastructure.cluster.x-k8s.io/v1beta1 +| xref:./cluster_apis/gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpclustertemplate-infrastructure-cluster-x-k8s-io-v1beta1[GCPClusterTemplate] +| infrastructure.cluster.x-k8s.io/v1beta1 +| xref:./cluster_apis/gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachine-infrastructure-cluster-x-k8s-io-v1beta1[GCPMachine] +| infrastructure.cluster.x-k8s.io/v1beta1 +| xref:./cluster_apis/gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmachinetemplate-infrastructure-cluster-x-k8s-io-v1beta1[GCPMachineTemplate] +| infrastructure.cluster.x-k8s.io/v1beta1 +| xref:./cluster_apis/gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcluster-infrastructure-cluster-x-k8s-io-v1beta1[GCPManagedCluster] +| infrastructure.cluster.x-k8s.io/v1beta1 +| xref:./cluster_apis/gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedcontrolplane-infrastructure-cluster-x-k8s-io-v1beta1[GCPManagedControlPlane] +| infrastructure.cluster.x-k8s.io/v1beta1 +| xref:./cluster_apis/gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1.adoc#gcpmanagedmachinepool-infrastructure-cluster-x-k8s-io-v1beta1[GCPManagedMachinePool] +| infrastructure.cluster.x-k8s.io/v1beta1 | xref:./user_and_group_apis/group-user-openshift-io-v1.adoc#group-user-openshift-io-v1[Group] | user.openshift.io/v1 | xref:./provisioning_apis/hardwaredata-metal3-io-v1alpha1.adoc#hardwaredata-metal3-io-v1alpha1[HardwareData] @@ -232,14 +270,18 @@ | networking.k8s.io/v1 | xref:./operator_apis/ingresscontroller-operator-openshift-io-v1.adoc#ingresscontroller-operator-openshift-io-v1[IngressController] | operator.openshift.io/v1 +| xref:./config_apis/insightsdatagather-config-openshift-io-v1alpha1.adoc#insightsdatagather-config-openshift-io-v1alpha1[InsightsDataGather] +| config.openshift.io/v1alpha1 | xref:./operator_apis/insightsoperator-operator-openshift-io-v1.adoc#insightsoperator-operator-openshift-io-v1[InsightsOperator] | operator.openshift.io/v1 | xref:./operatorhub_apis/installplan-operators-coreos-com-v1alpha1.adoc#installplan-operators-coreos-com-v1alpha1[InstallPlan] | operators.coreos.com/v1alpha1 -| xref:./network_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[IPAddress] +| xref:./cluster_apis/ipaddress-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddress-ipam-cluster-x-k8s-io-v1beta1[IPAddress] | ipam.cluster.x-k8s.io/v1beta1 -| xref:./network_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[IPAddressClaim] +| xref:./cluster_apis/ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1.adoc#ipaddressclaim-ipam-cluster-x-k8s-io-v1beta1[IPAddressClaim] | ipam.cluster.x-k8s.io/v1beta1 +| xref:./network_apis/ipamclaim-k8s-cni-cncf-io-v1alpha1.adoc#ipamclaim-k8s-cni-cncf-io-v1alpha1[IPAMClaim] +| k8s.cni.cncf.io/v1alpha1 | xref:./network_apis/ippool-whereabouts-cni-cncf-io-v1alpha1.adoc#ippool-whereabouts-cni-cncf-io-v1alpha1[IPPool] | whereabouts.cni.cncf.io/v1alpha1 | xref:./workloads_apis/job-batch-v1.adoc#job-batch-v1[Job] @@ -264,18 +306,34 @@ | authorization.k8s.io/v1 | xref:./authorization_apis/localsubjectaccessreview-authorization-openshift-io-v1.adoc#localsubjectaccessreview-authorization-openshift-io-v1[LocalSubjectAccessReview] | authorization.openshift.io/v1 +| xref:./cluster_apis/machine-cluster-x-k8s-io-v1beta1.adoc#machine-cluster-x-k8s-io-v1beta1[Machine] +| cluster.x-k8s.io/v1beta1 | xref:./machine_apis/machine-machine-openshift-io-v1beta1.adoc#machine-machine-openshift-io-v1beta1[Machine] | machine.openshift.io/v1beta1 | xref:./autoscale_apis/machineautoscaler-autoscaling-openshift-io-v1beta1.adoc#machineautoscaler-autoscaling-openshift-io-v1beta1[MachineAutoscaler] | autoscaling.openshift.io/v1beta1 | xref:./machine_apis/machineconfig-machineconfiguration-openshift-io-v1.adoc#machineconfig-machineconfiguration-openshift-io-v1[MachineConfig] | machineconfiguration.openshift.io/v1 +| xref:./machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[MachineConfigNode] +| machineconfiguration.openshift.io/v1alpha1 | xref:./machine_apis/machineconfigpool-machineconfiguration-openshift-io-v1.adoc#machineconfigpool-machineconfiguration-openshift-io-v1[MachineConfigPool] | machineconfiguration.openshift.io/v1 | xref:./operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[MachineConfiguration] | operator.openshift.io/v1 +| xref:./cluster_apis/machinedeployment-cluster-x-k8s-io-v1beta1.adoc#machinedeployment-cluster-x-k8s-io-v1beta1[MachineDeployment] +| cluster.x-k8s.io/v1beta1 +| xref:./cluster_apis/machinehealthcheck-cluster-x-k8s-io-v1beta1.adoc#machinehealthcheck-cluster-x-k8s-io-v1beta1[MachineHealthCheck] +| cluster.x-k8s.io/v1beta1 | xref:./machine_apis/machinehealthcheck-machine-openshift-io-v1beta1.adoc#machinehealthcheck-machine-openshift-io-v1beta1[MachineHealthCheck] | machine.openshift.io/v1beta1 +| xref:./machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc#machineosbuild-machineconfiguration-openshift-io-v1alpha1[MachineOSBuild] +| machineconfiguration.openshift.io/v1alpha1 +| xref:./machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc#machineosconfig-machineconfiguration-openshift-io-v1alpha1[MachineOSConfig] +| machineconfiguration.openshift.io/v1alpha1 +| xref:./cluster_apis/machinepool-cluster-x-k8s-io-v1beta1.adoc#machinepool-cluster-x-k8s-io-v1beta1[MachinePool] +| cluster.x-k8s.io/v1beta1 +| xref:./cluster_apis/machineset-cluster-x-k8s-io-v1beta1.adoc#machineset-cluster-x-k8s-io-v1beta1[MachineSet] +| cluster.x-k8s.io/v1beta1 | xref:./machine_apis/machineset-machine-openshift-io-v1beta1.adoc#machineset-machine-openshift-io-v1beta1[MachineSet] | machine.openshift.io/v1beta1 | xref:./provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc#metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1[Metal3Remediation] @@ -298,6 +356,8 @@ | v1 | xref:./config_apis/node-config-openshift-io-v1.adoc#node-config-openshift-io-v1[Node] | config.openshift.io/v1 +| xref:./monitoring_apis/nodemetrics-metrics-k8s-io-v1beta1.adoc#nodemetrics-metrics-k8s-io-v1beta1[NodeMetrics] +| metrics.k8s.io/v1beta1 | xref:./config_apis/oauth-config-openshift-io-v1.adoc#oauth-config-openshift-io-v1[OAuth] | config.openshift.io/v1 | xref:./oauth_apis/oauthaccesstoken-oauth-openshift-io-v1.adoc#oauthaccesstoken-oauth-openshift-io-v1[OAuthAccessToken] @@ -308,6 +368,8 @@ | oauth.openshift.io/v1 | xref:./oauth_apis/oauthclientauthorization-oauth-openshift-io-v1.adoc#oauthclientauthorization-oauth-openshift-io-v1[OAuthClientAuthorization] | oauth.openshift.io/v1 +| xref:./operatorhub_apis/olm-operator-openshift-io-v1alpha1.adoc#olm-operator-openshift-io-v1alpha1[OLM] +| operator.openshift.io/v1alpha1 | xref:./operatorhub_apis/olmconfig-operators-coreos-com-v1.adoc#olmconfig-operators-coreos-com-v1[OLMConfig] | operators.coreos.com/v1 | xref:./operator_apis/openshiftapiserver-operator-openshift-io-v1.adoc#openshiftapiserver-operator-openshift-io-v1[OpenShiftAPIServer] @@ -334,14 +396,20 @@ | v1 | xref:./storage_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[PersistentVolumeClaim] | v1 +| xref:./machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc#pinnedimageset-machineconfiguration-openshift-io-v1alpha1[PinnedImageSet] +| machineconfiguration.openshift.io/v1alpha1 | xref:./workloads_apis/pod-v1.adoc#pod-v1[Pod] | v1 | xref:./policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[PodDisruptionBudget] | policy/v1 +| xref:./monitoring_apis/podmetrics-metrics-k8s-io-v1beta1.adoc#podmetrics-metrics-k8s-io-v1beta1[PodMetrics] +| metrics.k8s.io/v1beta1 | xref:./monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc#podmonitor-monitoring-coreos-com-v1[PodMonitor] | monitoring.coreos.com/v1 | xref:./network_apis/podnetworkconnectivitycheck-controlplane-operator-openshift-io-v1alpha1.adoc#podnetworkconnectivitycheck-controlplane-operator-openshift-io-v1alpha1[PodNetworkConnectivityCheck] | controlplane.operator.openshift.io/v1alpha1 +| xref:./schedule_and_quota_apis/podschedulingcontext-resource-k8s-io-v1alpha2.adoc#podschedulingcontext-resource-k8s-io-v1alpha2[PodSchedulingContext] +| resource.k8s.io/v1alpha2 | xref:./security_apis/podsecuritypolicyreview-security-openshift-io-v1.adoc#podsecuritypolicyreview-security-openshift-io-v1[PodSecurityPolicyReview] | security.openshift.io/v1 | xref:./security_apis/podsecuritypolicyselfsubjectreview-security-openshift-io-v1.adoc#podsecuritypolicyselfsubjectreview-security-openshift-io-v1[PodSecurityPolicySelfSubjectReview] @@ -384,8 +452,20 @@ | v1 | xref:./authorization_apis/resourceaccessreview-authorization-openshift-io-v1.adoc#resourceaccessreview-authorization-openshift-io-v1[ResourceAccessReview] | authorization.openshift.io/v1 +| xref:./schedule_and_quota_apis/resourceclaim-resource-k8s-io-v1alpha2.adoc#resourceclaim-resource-k8s-io-v1alpha2[ResourceClaim] +| resource.k8s.io/v1alpha2 +| xref:./schedule_and_quota_apis/resourceclaimparameters-resource-k8s-io-v1alpha2.adoc#resourceclaimparameters-resource-k8s-io-v1alpha2[ResourceClaimParameters] +| resource.k8s.io/v1alpha2 +| xref:./schedule_and_quota_apis/resourceclaimtemplate-resource-k8s-io-v1alpha2.adoc#resourceclaimtemplate-resource-k8s-io-v1alpha2[ResourceClaimTemplate] +| resource.k8s.io/v1alpha2 +| xref:./schedule_and_quota_apis/resourceclass-resource-k8s-io-v1alpha2.adoc#resourceclass-resource-k8s-io-v1alpha2[ResourceClass] +| resource.k8s.io/v1alpha2 +| xref:./schedule_and_quota_apis/resourceclassparameters-resource-k8s-io-v1alpha2.adoc#resourceclassparameters-resource-k8s-io-v1alpha2[ResourceClassParameters] +| resource.k8s.io/v1alpha2 | xref:./schedule_and_quota_apis/resourcequota-v1.adoc#resourcequota-v1[ResourceQuota] | v1 +| xref:./schedule_and_quota_apis/resourceslice-resource-k8s-io-v1alpha2.adoc#resourceslice-resource-k8s-io-v1alpha2[ResourceSlice] +| resource.k8s.io/v1alpha2 | xref:./role_apis/role-authorization-openshift-io-v1.adoc#role-authorization-openshift-io-v1[Role] | authorization.openshift.io/v1 | xref:./rbac_apis/role-rbac-authorization-k8s-io-v1.adoc#role-rbac-authorization-k8s-io-v1[Role] @@ -426,6 +506,10 @@ | operator.openshift.io/v1 | xref:./monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc#servicemonitor-monitoring-coreos-com-v1[ServiceMonitor] | monitoring.coreos.com/v1 +| xref:./metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc#sharedconfigmap-sharedresource-openshift-io-v1alpha1[SharedConfigMap] +| sharedresource.openshift.io/v1alpha1 +| xref:./security_apis/sharedsecret-sharedresource-openshift-io-v1alpha1.adoc#sharedsecret-sharedresource-openshift-io-v1alpha1[SharedSecret] +| sharedresource.openshift.io/v1alpha1 | xref:./workloads_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[StatefulSet] | apps/v1 | xref:./operator_apis/storage-operator-openshift-io-v1.adoc#storage-operator-openshift-io-v1[Storage] @@ -458,14 +542,26 @@ | tuned.openshift.io/v1 | xref:./user_and_group_apis/user-user-openshift-io-v1.adoc#user-user-openshift-io-v1[User] | user.openshift.io/v1 +| xref:./network_apis/userdefinednetwork-k8s-ovn-org-v1.adoc#userdefinednetwork-k8s-ovn-org-v1[UserDefinedNetwork] +| k8s.ovn.org/v1 | xref:./user_and_group_apis/useridentitymapping-user-openshift-io-v1.adoc#useridentitymapping-user-openshift-io-v1[UserIdentityMapping] | user.openshift.io/v1 | xref:./oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc#useroauthaccesstoken-oauth-openshift-io-v1[UserOAuthAccessToken] | oauth.openshift.io/v1 +| xref:./extension_apis/validatingadmissionpolicy-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicy-admissionregistration-k8s-io-v1[ValidatingAdmissionPolicy] +| admissionregistration.k8s.io/v1 +| xref:./extension_apis/validatingadmissionpolicybinding-admissionregistration-k8s-io-v1.adoc#validatingadmissionpolicybinding-admissionregistration-k8s-io-v1[ValidatingAdmissionPolicyBinding] +| admissionregistration.k8s.io/v1 | xref:./extension_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#validatingwebhookconfiguration-admissionregistration-k8s-io-v1[ValidatingWebhookConfiguration] | admissionregistration.k8s.io/v1 | xref:./storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[VolumeAttachment] | storage.k8s.io/v1 +| xref:./storage_apis/volumegroupsnapshot-groupsnapshot-storage-k8s-io-v1alpha1.adoc#volumegroupsnapshot-groupsnapshot-storage-k8s-io-v1alpha1[VolumeGroupSnapshot] +| groupsnapshot.storage.k8s.io/v1alpha1 +| xref:./storage_apis/volumegroupsnapshotclass-groupsnapshot-storage-k8s-io-v1alpha1.adoc#volumegroupsnapshotclass-groupsnapshot-storage-k8s-io-v1alpha1[VolumeGroupSnapshotClass] +| groupsnapshot.storage.k8s.io/v1alpha1 +| xref:./storage_apis/volumegroupsnapshotcontent-groupsnapshot-storage-k8s-io-v1alpha1.adoc#volumegroupsnapshotcontent-groupsnapshot-storage-k8s-io-v1alpha1[VolumeGroupSnapshotContent] +| groupsnapshot.storage.k8s.io/v1alpha1 | xref:./storage_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[VolumeSnapshot] | snapshot.storage.k8s.io/v1 | xref:./storage_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc#volumesnapshotclass-snapshot-storage-k8s-io-v1[VolumeSnapshotClass] diff --git a/rest_api/machine_apis/machine-apis-index.adoc b/rest_api/machine_apis/machine-apis-index.adoc index 30df6f4138..9cf921b38f 100644 --- a/rest_api/machine_apis/machine-apis-index.adoc +++ b/rest_api/machine_apis/machine-apis-index.adoc @@ -111,3 +111,48 @@ MachineSet ensures that a specified number of machines replicas are running at a Type:: `object` +== MachineConfigNode [machineconfiguration.openshift.io/v1alpha1] + +Description:: ++ +-- +MachineConfigNode describes the health of the Machines on the system Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + +Type:: + `object` + +== MachineOSBuild [machineconfiguration.openshift.io/v1alpha1] + +Description:: ++ +-- +MachineOSBuild describes a build process managed and deployed by the MCO Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + +Type:: + `object` + +== MachineOSConfig [machineconfiguration.openshift.io/v1alpha1] + +Description:: ++ +-- +MachineOSConfig describes the configuration for a build process managed by the MCO Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + +Type:: + `object` + +== PinnedImageSet [machineconfiguration.openshift.io/v1alpha1] + +Description:: ++ +-- +PinnedImageSet describes a set of images that should be pinned by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools. + Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + +Type:: + `object` + diff --git a/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc b/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc index de82a5bc5d..2818a3f066 100644 --- a/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc +++ b/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc @@ -518,6 +518,8 @@ Condition defines an observation of a Machine API resource operational state. Type:: `object` +Required:: + - `type` diff --git a/rest_api/machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc b/rest_api/machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc new file mode 100644 index 0000000000..141ef0eeed --- /dev/null +++ b/rest_api/machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc @@ -0,0 +1,729 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="machineconfignode-machineconfiguration-openshift-io-v1alpha1"] += MachineConfigNode [machineconfiguration.openshift.io/v1alpha1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +MachineConfigNode describes the health of the Machines on the system Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + +Type:: + `object` + +Required:: + - `spec` + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| spec describes the configuration of the machine config node. + +| `status` +| `object` +| status describes the last observed state of this machine config node. + +|=== +=== .spec +Description:: ++ +-- +spec describes the configuration of the machine config node. +-- + +Type:: + `object` + +Required:: + - `configVersion` + - `node` + - `pool` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `configVersion` +| `object` +| configVersion holds the desired config version for the node targeted by this machine config node resource. The desired version represents the machine config the node will attempt to update to. This gets set before the machine config operator validates the new machine config against the current machine config. + +| `node` +| `object` +| node contains a reference to the node for this machine config node. + +| `pinnedImageSets` +| `array` +| pinnedImageSets holds the desired pinned image sets that this node should pin and pull. + +| `pinnedImageSets[]` +| `object` +| + +| `pool` +| `object` +| pool contains a reference to the machine config pool that this machine config node's referenced node belongs to. + +|=== +=== .spec.configVersion +Description:: ++ +-- +configVersion holds the desired config version for the node targeted by this machine config node resource. The desired version represents the machine config the node will attempt to update to. This gets set before the machine config operator validates the new machine config against the current machine config. +-- + +Type:: + `object` + +Required:: + - `desired` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `desired` +| `string` +| desired is the name of the machine config that the the node should be upgraded to. This value is set when the machine config pool generates a new version of its rendered configuration. When this value is changed, the machine config daemon starts the node upgrade process. This value gets set in the machine config node spec once the machine config has been targeted for upgrade and before it is validated. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + +|=== +=== .spec.node +Description:: ++ +-- +node contains a reference to the node for this machine config node. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is the object name. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + +|=== +=== .spec.pinnedImageSets +Description:: ++ +-- +pinnedImageSets holds the desired pinned image sets that this node should pin and pull. +-- + +Type:: + `array` + + + + +=== .spec.pinnedImageSets[] +Description:: ++ +-- + +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is the name of the pinned image set. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + +|=== +=== .spec.pool +Description:: ++ +-- +pool contains a reference to the machine config pool that this machine config node's referenced node belongs to. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is the object name. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + +|=== +=== .status +Description:: ++ +-- +status describes the last observed state of this machine config node. +-- + +Type:: + `object` + +Required:: + - `configVersion` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| conditions represent the observations of a machine config node's current state. + +| `conditions[]` +| `object` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } + +| `configVersion` +| `object` +| configVersion describes the current and desired machine config for this node. The current version represents the current machine config for the node and is updated after a successful update. The desired version represents the machine config the node will attempt to update to. This desired machine config has been compared to the current machine config and has been validated by the machine config operator as one that is valid and that exists. + +| `observedGeneration` +| `integer` +| observedGeneration represents the generation observed by the controller. This field is updated when the controller observes a change to the desiredConfig in the configVersion of the machine config node spec. + +| `pinnedImageSets` +| `array` +| pinnedImageSets describes the current and desired pinned image sets for this node. The current version is the generation of the pinned image set that has most recently been successfully pulled and pinned on this node. The desired version is the generation of the pinned image set that is targeted to be pulled and pinned on this node. + +| `pinnedImageSets[]` +| `object` +| + +|=== +=== .status.conditions +Description:: ++ +-- +conditions represent the observations of a machine config node's current state. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `message` + - `reason` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + +| `message` +| `string` +| message is a human readable message indicating details about the transition. This may be an empty string. + +| `observedGeneration` +| `integer` +| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + +| `reason` +| `string` +| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + +| `status` +| `string` +| status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + +|=== +=== .status.configVersion +Description:: ++ +-- +configVersion describes the current and desired machine config for this node. The current version represents the current machine config for the node and is updated after a successful update. The desired version represents the machine config the node will attempt to update to. This desired machine config has been compared to the current machine config and has been validated by the machine config operator as one that is valid and that exists. +-- + +Type:: + `object` + +Required:: + - `desired` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `current` +| `string` +| current is the name of the machine config currently in use on the node. This value is updated once the machine config daemon has completed the update of the configuration for the node. This value should match the desired version unless an upgrade is in progress. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + +| `desired` +| `string` +| desired is the MachineConfig the node wants to upgrade to. This value gets set in the machine config node status once the machine config has been validated against the current machine config. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + +|=== +=== .status.pinnedImageSets +Description:: ++ +-- +pinnedImageSets describes the current and desired pinned image sets for this node. The current version is the generation of the pinned image set that has most recently been successfully pulled and pinned on this node. The desired version is the generation of the pinned image set that is targeted to be pulled and pinned on this node. +-- + +Type:: + `array` + + + + +=== .status.pinnedImageSets[] +Description:: ++ +-- + +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `currentGeneration` +| `integer` +| currentGeneration is the generation of the pinned image set that has most recently been successfully pulled and pinned on this node. + +| `desiredGeneration` +| `integer` +| desiredGeneration version is the generation of the pinned image set that is targeted to be pulled and pinned on this node. + +| `lastFailedGeneration` +| `integer` +| lastFailedGeneration is the generation of the most recent pinned image set that failed to be pulled and pinned on this node. + +| `lastFailedGenerationErrors` +| `array (string)` +| lastFailedGenerationErrors is a list of errors why the lastFailed generation failed to be pulled and pinned. + +| `name` +| `string` +| name is the name of the pinned image set. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/machineconfiguration.openshift.io/v1alpha1/machineconfignodes` +- `DELETE`: delete collection of MachineConfigNode +- `GET`: list objects of kind MachineConfigNode +- `POST`: create a MachineConfigNode +* `/apis/machineconfiguration.openshift.io/v1alpha1/machineconfignodes/{name}` +- `DELETE`: delete a MachineConfigNode +- `GET`: read the specified MachineConfigNode +- `PATCH`: partially update the specified MachineConfigNode +- `PUT`: replace the specified MachineConfigNode +* `/apis/machineconfiguration.openshift.io/v1alpha1/machineconfignodes/{name}/status` +- `GET`: read status of the specified MachineConfigNode +- `PATCH`: partially update status of the specified MachineConfigNode +- `PUT`: replace status of the specified MachineConfigNode + + +=== /apis/machineconfiguration.openshift.io/v1alpha1/machineconfignodes + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of MachineConfigNode + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind MachineConfigNode + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.openshift.machineconfiguration.v1alpha1.MachineConfigNodeList[`MachineConfigNodeList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a MachineConfigNode + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema +| 201 - Created +| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema +| 202 - Accepted +| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/machineconfiguration.openshift.io/v1alpha1/machineconfignodes/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachineConfigNode +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a MachineConfigNode + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified MachineConfigNode + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified MachineConfigNode + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified MachineConfigNode + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema +| 201 - Created +| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/machineconfiguration.openshift.io/v1alpha1/machineconfignodes/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachineConfigNode +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified MachineConfigNode + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified MachineConfigNode + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified MachineConfigNode + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema +| 201 - Created +| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/machine_apis/machineconfigpool-machineconfiguration-openshift-io-v1.adoc b/rest_api/machine_apis/machineconfigpool-machineconfiguration-openshift-io-v1.adoc index 00c6cff354..5f77523f6c 100644 --- a/rest_api/machine_apis/machineconfigpool-machineconfiguration-openshift-io-v1.adoc +++ b/rest_api/machine_apis/machineconfigpool-machineconfiguration-openshift-io-v1.adoc @@ -87,6 +87,15 @@ Type:: | `boolean` | paused specifies whether or not changes to this machine config pool should be stopped. This includes generating new desiredMachineConfig and update of machines. +| `pinnedImageSets` +| `array` +| pinnedImageSets specifies a sequence of PinnedImageSetRef objects for the pool. Nodes within this pool will preload and pin images defined in the PinnedImageSet. Before pulling images the MachineConfigDaemon will ensure the total uncompressed size of all the images does not exceed available resources. If the total size of the images exceeds the available resources the controller will report a Degraded status to the MachineConfigPool and not attempt to pull any images. Also to help ensure the kubelet can mitigate storage risk, the pinned_image configuration and subsequent service reload will happen only after all of the images have been pulled for each set. Images from multiple PinnedImageSets are loaded and pinned sequentially as listed. Duplicate and existing images will be skipped. + Any failure to prefetch or pin images will result in a Degraded pool. Resolving these failures is the responsibility of the user. The admin should be proactive in ensuring adequate storage and proper image authentication exists in advance. + +| `pinnedImageSets[]` +| `object` +| + |=== === .spec.configuration Description:: @@ -354,6 +363,44 @@ Required:: | `array (string)` | values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +|=== +=== .spec.pinnedImageSets +Description:: ++ +-- +pinnedImageSets specifies a sequence of PinnedImageSetRef objects for the pool. Nodes within this pool will preload and pin images defined in the PinnedImageSet. Before pulling images the MachineConfigDaemon will ensure the total uncompressed size of all the images does not exceed available resources. If the total size of the images exceeds the available resources the controller will report a Degraded status to the MachineConfigPool and not attempt to pull any images. Also to help ensure the kubelet can mitigate storage risk, the pinned_image configuration and subsequent service reload will happen only after all of the images have been pulled for each set. Images from multiple PinnedImageSets are loaded and pinned sequentially as listed. Duplicate and existing images will be skipped. + Any failure to prefetch or pin images will result in a Degraded pool. Resolving these failures is the responsibility of the user. The admin should be proactive in ensuring adequate storage and proper image authentication exists in advance. +-- + +Type:: + `array` + + + + +=== .spec.pinnedImageSets[] +Description:: ++ +-- + +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is a reference to the name of a PinnedImageSet. Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123). Made up of one of more period-separated (.) segments, where each segment consists of alphanumeric characters and hyphens (-), must begin and end with an alphanumeric character, and is at most 63 characters in length. The total length of the name must not exceed 253 characters. + |=== === .status Description:: @@ -404,6 +451,14 @@ Type:: | `integer` | observedGeneration represents the generation observed by the controller. +| `poolSynchronizersStatus` +| `array` +| poolSynchronizersStatus is the status of the machines managed by the pool synchronizers. + +| `poolSynchronizersStatus[]` +| `object` +| + | `readyMachineCount` | `integer` | readyMachineCount represents the total number of ready machines targeted by the pool. @@ -628,6 +683,72 @@ Type:: | `string` | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids +|=== +=== .status.poolSynchronizersStatus +Description:: ++ +-- +poolSynchronizersStatus is the status of the machines managed by the pool synchronizers. +-- + +Type:: + `array` + + + + +=== .status.poolSynchronizersStatus[] +Description:: ++ +-- + +-- + +Type:: + `object` + +Required:: + - `availableMachineCount` + - `machineCount` + - `poolSynchronizerType` + - `readyMachineCount` + - `unavailableMachineCount` + - `updatedMachineCount` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `availableMachineCount` +| `integer` +| availableMachineCount is the number of machines managed by the node synchronizer which are available. + +| `machineCount` +| `integer` +| machineCount is the number of machines that are managed by the node synchronizer. + +| `observedGeneration` +| `integer` +| observedGeneration is the last generation change that has been applied. + +| `poolSynchronizerType` +| `string` +| poolSynchronizerType describes the type of the pool synchronizer. + +| `readyMachineCount` +| `integer` +| readyMachineCount is the number of machines managed by the node synchronizer that are in a ready state. + +| `unavailableMachineCount` +| `integer` +| unavailableMachineCount is the number of machines managed by the node synchronizer but are unavailable. + +| `updatedMachineCount` +| `integer` +| updatedMachineCount is the number of machines that have been updated by the node synchronizer. + |=== == API endpoints diff --git a/rest_api/machine_apis/machinehealthcheck-machine-openshift-io-v1beta1.adoc b/rest_api/machine_apis/machinehealthcheck-machine-openshift-io-v1beta1.adoc index ae3f107725..274afc75d2 100644 --- a/rest_api/machine_apis/machinehealthcheck-machine-openshift-io-v1beta1.adoc +++ b/rest_api/machine_apis/machinehealthcheck-machine-openshift-io-v1beta1.adoc @@ -316,6 +316,8 @@ Condition defines an observation of a Machine API resource operational state. Type:: `object` +Required:: + - `type` diff --git a/rest_api/machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc b/rest_api/machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc new file mode 100644 index 0000000000..b6048a624a --- /dev/null +++ b/rest_api/machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc @@ -0,0 +1,714 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="machineosbuild-machineconfiguration-openshift-io-v1alpha1"] += MachineOSBuild [machineconfiguration.openshift.io/v1alpha1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +MachineOSBuild describes a build process managed and deployed by the MCO Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + +Type:: + `object` + +Required:: + - `spec` + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| spec describes the configuration of the machine os build + +| `status` +| `object` +| status describes the lst observed state of this machine os build + +|=== +=== .spec +Description:: ++ +-- +spec describes the configuration of the machine os build +-- + +Type:: + `object` + +Required:: + - `configGeneration` + - `desiredConfig` + - `machineOSConfig` + - `renderedImagePushspec` + - `version` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `configGeneration` +| `integer` +| configGeneration tracks which version of MachineOSConfig this build is based off of + +| `desiredConfig` +| `object` +| desiredConfig is the desired config we want to build an image for. + +| `machineOSConfig` +| `object` +| machineOSConfig is the config object which the build is based off of + +| `renderedImagePushspec` +| `string` +| renderedImagePushspec is set from the MachineOSConfig The format of the image pullspec is: host[:port][/namespace]/name: or svc_name.namespace.svc[:port]/repository/name: + +| `version` +| `integer` +| version tracks the newest MachineOSBuild for each MachineOSConfig + +|=== +=== .spec.desiredConfig +Description:: ++ +-- +desiredConfig is the desired config we want to build an image for. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is the name of the rendered MachineConfig object. + +|=== +=== .spec.machineOSConfig +Description:: ++ +-- +machineOSConfig is the config object which the build is based off of +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name of the MachineOSConfig + +|=== +=== .status +Description:: ++ +-- +status describes the lst observed state of this machine os build +-- + +Type:: + `object` + +Required:: + - `buildStart` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `buildEnd` +| `string` +| buildEnd describes when the build ended. + +| `buildStart` +| `string` +| buildStart describes when the build started. + +| `builderReference` +| `object` +| ImageBuilderType describes the image builder set in the MachineOSConfig + +| `conditions` +| `array` +| conditions are state related conditions for the build. Valid types are: Prepared, Building, Failed, Interrupted, and Succeeded once a Build is marked as Failed, no future conditions can be set. This is enforced by the MCO. + +| `conditions[]` +| `object` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } + +| `finalImagePullspec` +| `string` +| finalImagePushSpec describes the fully qualified pushspec produced by this build that the final image can be. Must be in sha format. + +| `relatedObjects` +| `array` +| relatedObjects is a list of objects that are related to the build process. + +| `relatedObjects[]` +| `object` +| ObjectReference contains enough information to let you inspect or modify the referred object. + +|=== +=== .status.builderReference +Description:: ++ +-- +ImageBuilderType describes the image builder set in the MachineOSConfig +-- + +Type:: + `object` + +Required:: + - `imageBuilderType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `buildPod` +| `object` +| relatedObjects is a list of objects that are related to the build process. + +| `imageBuilderType` +| `string` +| ImageBuilderType describes the image builder set in the MachineOSConfig + +|=== +=== .status.builderReference.buildPod +Description:: ++ +-- +relatedObjects is a list of objects that are related to the build process. +-- + +Type:: + `object` + +Required:: + - `group` + - `name` + - `resource` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `group` +| `string` +| group of the referent. + +| `name` +| `string` +| name of the referent. + +| `namespace` +| `string` +| namespace of the referent. + +| `resource` +| `string` +| resource of the referent. + +|=== +=== .status.conditions +Description:: ++ +-- +conditions are state related conditions for the build. Valid types are: Prepared, Building, Failed, Interrupted, and Succeeded once a Build is marked as Failed, no future conditions can be set. This is enforced by the MCO. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `message` + - `reason` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + +| `message` +| `string` +| message is a human readable message indicating details about the transition. This may be an empty string. + +| `observedGeneration` +| `integer` +| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + +| `reason` +| `string` +| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + +| `status` +| `string` +| status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + +|=== +=== .status.relatedObjects +Description:: ++ +-- +relatedObjects is a list of objects that are related to the build process. +-- + +Type:: + `array` + + + + +=== .status.relatedObjects[] +Description:: ++ +-- +ObjectReference contains enough information to let you inspect or modify the referred object. +-- + +Type:: + `object` + +Required:: + - `group` + - `name` + - `resource` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `group` +| `string` +| group of the referent. + +| `name` +| `string` +| name of the referent. + +| `namespace` +| `string` +| namespace of the referent. + +| `resource` +| `string` +| resource of the referent. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/machineconfiguration.openshift.io/v1alpha1/machineosbuilds` +- `DELETE`: delete collection of MachineOSBuild +- `GET`: list objects of kind MachineOSBuild +- `POST`: create a MachineOSBuild +* `/apis/machineconfiguration.openshift.io/v1alpha1/machineosbuilds/{name}` +- `DELETE`: delete a MachineOSBuild +- `GET`: read the specified MachineOSBuild +- `PATCH`: partially update the specified MachineOSBuild +- `PUT`: replace the specified MachineOSBuild +* `/apis/machineconfiguration.openshift.io/v1alpha1/machineosbuilds/{name}/status` +- `GET`: read status of the specified MachineOSBuild +- `PATCH`: partially update status of the specified MachineOSBuild +- `PUT`: replace status of the specified MachineOSBuild + + +=== /apis/machineconfiguration.openshift.io/v1alpha1/machineosbuilds + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of MachineOSBuild + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind MachineOSBuild + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.openshift.machineconfiguration.v1alpha1.MachineOSBuildList[`MachineOSBuildList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a MachineOSBuild + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc#machineosbuild-machineconfiguration-openshift-io-v1alpha1[`MachineOSBuild`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc#machineosbuild-machineconfiguration-openshift-io-v1alpha1[`MachineOSBuild`] schema +| 201 - Created +| xref:../machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc#machineosbuild-machineconfiguration-openshift-io-v1alpha1[`MachineOSBuild`] schema +| 202 - Accepted +| xref:../machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc#machineosbuild-machineconfiguration-openshift-io-v1alpha1[`MachineOSBuild`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/machineconfiguration.openshift.io/v1alpha1/machineosbuilds/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachineOSBuild +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a MachineOSBuild + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified MachineOSBuild + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc#machineosbuild-machineconfiguration-openshift-io-v1alpha1[`MachineOSBuild`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified MachineOSBuild + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc#machineosbuild-machineconfiguration-openshift-io-v1alpha1[`MachineOSBuild`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified MachineOSBuild + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc#machineosbuild-machineconfiguration-openshift-io-v1alpha1[`MachineOSBuild`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc#machineosbuild-machineconfiguration-openshift-io-v1alpha1[`MachineOSBuild`] schema +| 201 - Created +| xref:../machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc#machineosbuild-machineconfiguration-openshift-io-v1alpha1[`MachineOSBuild`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/machineconfiguration.openshift.io/v1alpha1/machineosbuilds/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachineOSBuild +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified MachineOSBuild + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc#machineosbuild-machineconfiguration-openshift-io-v1alpha1[`MachineOSBuild`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified MachineOSBuild + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc#machineosbuild-machineconfiguration-openshift-io-v1alpha1[`MachineOSBuild`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified MachineOSBuild + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc#machineosbuild-machineconfiguration-openshift-io-v1alpha1[`MachineOSBuild`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc#machineosbuild-machineconfiguration-openshift-io-v1alpha1[`MachineOSBuild`] schema +| 201 - Created +| xref:../machine_apis/machineosbuild-machineconfiguration-openshift-io-v1alpha1.adoc#machineosbuild-machineconfiguration-openshift-io-v1alpha1[`MachineOSBuild`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc b/rest_api/machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc new file mode 100644 index 0000000000..3356f1fa01 --- /dev/null +++ b/rest_api/machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc @@ -0,0 +1,762 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="machineosconfig-machineconfiguration-openshift-io-v1alpha1"] += MachineOSConfig [machineconfiguration.openshift.io/v1alpha1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +MachineOSConfig describes the configuration for a build process managed by the MCO Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + +Type:: + `object` + +Required:: + - `spec` + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| spec describes the configuration of the machineosconfig + +| `status` +| `object` +| status describes the status of the machineosconfig + +|=== +=== .spec +Description:: ++ +-- +spec describes the configuration of the machineosconfig +-- + +Type:: + `object` + +Required:: + - `buildInputs` + - `machineConfigPool` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `buildInputs` +| `object` +| buildInputs is where user input options for the build live + +| `buildOutputs` +| `object` +| buildOutputs is where user input options for the build live + +| `machineConfigPool` +| `object` +| machineConfigPool is the pool which the build is for + +|=== +=== .spec.buildInputs +Description:: ++ +-- +buildInputs is where user input options for the build live +-- + +Type:: + `object` + +Required:: + - `baseImagePullSecret` + - `imageBuilder` + - `renderedImagePushSecret` + - `renderedImagePushspec` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `baseImagePullSecret` +| `object` +| baseImagePullSecret is the secret used to pull the base image. must live in the openshift-machine-config-operator namespace + +| `baseOSExtensionsImagePullspec` +| `string` +| baseOSExtensionsImagePullspec is the base Extensions image used in the build process the MachineOSConfig object will use the in cluster image registry configuration. if you wish to use a mirror or any other settings specific to registries.conf, please specify those in the cluster wide registries.conf. The format of the image pullspec is: host[:port][/namespace]/name@sha256: + +| `baseOSImagePullspec` +| `string` +| baseOSImagePullspec is the base OSImage we use to build our custom image. the MachineOSConfig object will use the in cluster image registry configuration. if you wish to use a mirror or any other settings specific to registries.conf, please specify those in the cluster wide registries.conf. The format of the image pullspec is: host[:port][/namespace]/name@sha256: + +| `containerFile` +| `array` +| containerFile describes the custom data the user has specified to build into the image. this is also commonly called a Dockerfile and you can treat it as such. The content is the content of your Dockerfile. + +| `containerFile[]` +| `object` +| MachineOSContainerfile contains all custom content the user wants built into the image + +| `imageBuilder` +| `object` +| machineOSImageBuilder describes which image builder will be used in each build triggered by this MachineOSConfig + +| `releaseVersion` +| `string` +| releaseVersion is associated with the base OS Image. This is the version of Openshift that the Base Image is associated with. This field is populated from the machine-config-osimageurl configmap in the openshift-machine-config-operator namespace. It will come in the format: 4.16.0-0.nightly-2024-04-03-065948 or any valid release. The MachineOSBuilder populates this field and validates that this is a valid stream. This is used as a label in the dockerfile that builds the OS image. + +| `renderedImagePushSecret` +| `object` +| renderedImagePushSecret is the secret used to connect to a user registry. the final image push and pull secrets should be separate for security concerns. If the final image push secret is somehow exfiltrated, that gives someone the power to push images to the image repository. By comparison, if the final image pull secret gets exfiltrated, that only gives someone to pull images from the image repository. It's basically the principle of least permissions. this push secret will be used only by the MachineConfigController pod to push the image to the final destination. Not all nodes will need to push this image, most of them will only need to pull the image in order to use it. + +| `renderedImagePushspec` +| `string` +| renderedImagePushspec describes the location of the final image. the MachineOSConfig object will use the in cluster image registry configuration. if you wish to use a mirror or any other settings specific to registries.conf, please specify those in the cluster wide registries.conf. The format of the image pushspec is: host[:port][/namespace]/name: or svc_name.namespace.svc[:port]/repository/name: + +|=== +=== .spec.buildInputs.baseImagePullSecret +Description:: ++ +-- +baseImagePullSecret is the secret used to pull the base image. must live in the openshift-machine-config-operator namespace +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is the name of the secret used to push or pull this MachineOSConfig object. this secret must be in the openshift-machine-config-operator namespace. + +|=== +=== .spec.buildInputs.containerFile +Description:: ++ +-- +containerFile describes the custom data the user has specified to build into the image. this is also commonly called a Dockerfile and you can treat it as such. The content is the content of your Dockerfile. +-- + +Type:: + `array` + + + + +=== .spec.buildInputs.containerFile[] +Description:: ++ +-- +MachineOSContainerfile contains all custom content the user wants built into the image +-- + +Type:: + `object` + +Required:: + - `content` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `containerfileArch` +| `string` +| containerfileArch describes the architecture this containerfile is to be built for this arch is optional. If the user does not specify an architecture, it is assumed that the content can be applied to all architectures, or in a single arch cluster: the only architecture. + +| `content` +| `string` +| content is the custom content to be built + +|=== +=== .spec.buildInputs.imageBuilder +Description:: ++ +-- +machineOSImageBuilder describes which image builder will be used in each build triggered by this MachineOSConfig +-- + +Type:: + `object` + +Required:: + - `imageBuilderType` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `imageBuilderType` +| `string` +| imageBuilderType specifies the backend to be used to build the image. Valid options are: PodImageBuilder + +|=== +=== .spec.buildInputs.renderedImagePushSecret +Description:: ++ +-- +renderedImagePushSecret is the secret used to connect to a user registry. the final image push and pull secrets should be separate for security concerns. If the final image push secret is somehow exfiltrated, that gives someone the power to push images to the image repository. By comparison, if the final image pull secret gets exfiltrated, that only gives someone to pull images from the image repository. It's basically the principle of least permissions. this push secret will be used only by the MachineConfigController pod to push the image to the final destination. Not all nodes will need to push this image, most of them will only need to pull the image in order to use it. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is the name of the secret used to push or pull this MachineOSConfig object. this secret must be in the openshift-machine-config-operator namespace. + +|=== +=== .spec.buildOutputs +Description:: ++ +-- +buildOutputs is where user input options for the build live +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `currentImagePullSecret` +| `object` +| currentImagePullSecret is the secret used to pull the final produced image. must live in the openshift-machine-config-operator namespace the final image push and pull secrets should be separate for security concerns. If the final image push secret is somehow exfiltrated, that gives someone the power to push images to the image repository. By comparison, if the final image pull secret gets exfiltrated, that only gives someone to pull images from the image repository. It's basically the principle of least permissions. this pull secret will be used on all nodes in the pool. These nodes will need to pull the final OS image and boot into it using rpm-ostree or bootc. + +|=== +=== .spec.buildOutputs.currentImagePullSecret +Description:: ++ +-- +currentImagePullSecret is the secret used to pull the final produced image. must live in the openshift-machine-config-operator namespace the final image push and pull secrets should be separate for security concerns. If the final image push secret is somehow exfiltrated, that gives someone the power to push images to the image repository. By comparison, if the final image pull secret gets exfiltrated, that only gives someone to pull images from the image repository. It's basically the principle of least permissions. this pull secret will be used on all nodes in the pool. These nodes will need to pull the final OS image and boot into it using rpm-ostree or bootc. +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is the name of the secret used to push or pull this MachineOSConfig object. this secret must be in the openshift-machine-config-operator namespace. + +|=== +=== .spec.machineConfigPool +Description:: ++ +-- +machineConfigPool is the pool which the build is for +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name of the MachineConfigPool object. + +|=== +=== .status +Description:: ++ +-- +status describes the status of the machineosconfig +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| conditions are state related conditions for the config. + +| `conditions[]` +| `object` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } + +| `currentImagePullspec` +| `string` +| currentImagePullspec is the fully qualified image pull spec used by the MCO to pull down the new OSImage. This must include sha256. + +| `observedGeneration` +| `integer` +| observedGeneration represents the generation observed by the controller. this field is updated when the user changes the configuration in BuildSettings or the MCP this object is associated with. + +|=== +=== .status.conditions +Description:: ++ +-- +conditions are state related conditions for the config. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `message` + - `reason` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + +| `message` +| `string` +| message is a human readable message indicating details about the transition. This may be an empty string. + +| `observedGeneration` +| `integer` +| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + +| `reason` +| `string` +| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + +| `status` +| `string` +| status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/machineconfiguration.openshift.io/v1alpha1/machineosconfigs` +- `DELETE`: delete collection of MachineOSConfig +- `GET`: list objects of kind MachineOSConfig +- `POST`: create a MachineOSConfig +* `/apis/machineconfiguration.openshift.io/v1alpha1/machineosconfigs/{name}` +- `DELETE`: delete a MachineOSConfig +- `GET`: read the specified MachineOSConfig +- `PATCH`: partially update the specified MachineOSConfig +- `PUT`: replace the specified MachineOSConfig +* `/apis/machineconfiguration.openshift.io/v1alpha1/machineosconfigs/{name}/status` +- `GET`: read status of the specified MachineOSConfig +- `PATCH`: partially update status of the specified MachineOSConfig +- `PUT`: replace status of the specified MachineOSConfig + + +=== /apis/machineconfiguration.openshift.io/v1alpha1/machineosconfigs + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of MachineOSConfig + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind MachineOSConfig + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.openshift.machineconfiguration.v1alpha1.MachineOSConfigList[`MachineOSConfigList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a MachineOSConfig + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc#machineosconfig-machineconfiguration-openshift-io-v1alpha1[`MachineOSConfig`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc#machineosconfig-machineconfiguration-openshift-io-v1alpha1[`MachineOSConfig`] schema +| 201 - Created +| xref:../machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc#machineosconfig-machineconfiguration-openshift-io-v1alpha1[`MachineOSConfig`] schema +| 202 - Accepted +| xref:../machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc#machineosconfig-machineconfiguration-openshift-io-v1alpha1[`MachineOSConfig`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/machineconfiguration.openshift.io/v1alpha1/machineosconfigs/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachineOSConfig +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a MachineOSConfig + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified MachineOSConfig + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc#machineosconfig-machineconfiguration-openshift-io-v1alpha1[`MachineOSConfig`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified MachineOSConfig + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc#machineosconfig-machineconfiguration-openshift-io-v1alpha1[`MachineOSConfig`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified MachineOSConfig + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc#machineosconfig-machineconfiguration-openshift-io-v1alpha1[`MachineOSConfig`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc#machineosconfig-machineconfiguration-openshift-io-v1alpha1[`MachineOSConfig`] schema +| 201 - Created +| xref:../machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc#machineosconfig-machineconfiguration-openshift-io-v1alpha1[`MachineOSConfig`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/machineconfiguration.openshift.io/v1alpha1/machineosconfigs/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the MachineOSConfig +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified MachineOSConfig + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc#machineosconfig-machineconfiguration-openshift-io-v1alpha1[`MachineOSConfig`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified MachineOSConfig + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc#machineosconfig-machineconfiguration-openshift-io-v1alpha1[`MachineOSConfig`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified MachineOSConfig + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc#machineosconfig-machineconfiguration-openshift-io-v1alpha1[`MachineOSConfig`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc#machineosconfig-machineconfiguration-openshift-io-v1alpha1[`MachineOSConfig`] schema +| 201 - Created +| xref:../machine_apis/machineosconfig-machineconfiguration-openshift-io-v1alpha1.adoc#machineosconfig-machineconfiguration-openshift-io-v1alpha1[`MachineOSConfig`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc b/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc index 38051efdbe..3bb9c64efa 100644 --- a/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc +++ b/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc @@ -657,6 +657,14 @@ Type:: | `integer` | The number of available replicas (ready for at least minReadySeconds) for this MachineSet. +| `conditions` +| `array` +| Conditions defines the current state of the MachineSet + +| `conditions[]` +| `object` +| Condition defines an observation of a Machine API resource operational state. + | `errorMessage` | `string` | @@ -683,6 +691,63 @@ Type:: | `integer` | Replicas is the most recently observed number of replicas. +|=== +=== .status.conditions +Description:: ++ +-- +Conditions defines the current state of the MachineSet +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition defines an observation of a Machine API resource operational state. +-- + +Type:: + `object` + +Required:: + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + +| `message` +| `string` +| A human readable message indicating details about the transition. This field may be empty. + +| `reason` +| `string` +| The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. + +| `severity` +| `string` +| Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + +| `status` +| `string` +| Status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + |=== == API endpoints diff --git a/rest_api/machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc b/rest_api/machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc new file mode 100644 index 0000000000..be4cb1f3c4 --- /dev/null +++ b/rest_api/machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc @@ -0,0 +1,550 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="pinnedimageset-machineconfiguration-openshift-io-v1alpha1"] += PinnedImageSet [machineconfiguration.openshift.io/v1alpha1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +PinnedImageSet describes a set of images that should be pinned by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools. + Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + +Type:: + `object` + +Required:: + - `spec` + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| spec describes the configuration of this pinned image set. + +| `status` +| `object` +| status describes the last observed state of this pinned image set. + +|=== +=== .spec +Description:: ++ +-- +spec describes the configuration of this pinned image set. +-- + +Type:: + `object` + +Required:: + - `pinnedImages` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `pinnedImages` +| `array` +| pinnedImages is a list of OCI Image referenced by digest that should be pinned and pre-loaded by the nodes of a MachineConfigPool. Translates into a new file inside the /etc/crio/crio.conf.d directory with content similar to this: + pinned_images = [ "quay.io/openshift-release-dev/ocp-release@sha256:...", "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...", "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...", ... ] + These image references should all be by digest, tags aren't allowed. + +| `pinnedImages[]` +| `object` +| + +|=== +=== .spec.pinnedImages +Description:: ++ +-- +pinnedImages is a list of OCI Image referenced by digest that should be pinned and pre-loaded by the nodes of a MachineConfigPool. Translates into a new file inside the /etc/crio/crio.conf.d directory with content similar to this: + pinned_images = [ "quay.io/openshift-release-dev/ocp-release@sha256:...", "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...", "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...", ... ] + These image references should all be by digest, tags aren't allowed. +-- + +Type:: + `array` + + + + +=== .spec.pinnedImages[] +Description:: ++ +-- + +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is an OCI Image referenced by digest. + The format of the image ref is: host[:port][/namespace]/name@sha256: + +|=== +=== .status +Description:: ++ +-- +status describes the last observed state of this pinned image set. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| conditions represent the observations of a pinned image set's current state. + +| `conditions[]` +| `object` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } + +|=== +=== .status.conditions +Description:: ++ +-- +conditions represent the observations of a pinned image set's current state. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `message` + - `reason` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + +| `message` +| `string` +| message is a human readable message indicating details about the transition. This may be an empty string. + +| `observedGeneration` +| `integer` +| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + +| `reason` +| `string` +| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + +| `status` +| `string` +| status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/machineconfiguration.openshift.io/v1alpha1/pinnedimagesets` +- `DELETE`: delete collection of PinnedImageSet +- `GET`: list objects of kind PinnedImageSet +- `POST`: create a PinnedImageSet +* `/apis/machineconfiguration.openshift.io/v1alpha1/pinnedimagesets/{name}` +- `DELETE`: delete a PinnedImageSet +- `GET`: read the specified PinnedImageSet +- `PATCH`: partially update the specified PinnedImageSet +- `PUT`: replace the specified PinnedImageSet +* `/apis/machineconfiguration.openshift.io/v1alpha1/pinnedimagesets/{name}/status` +- `GET`: read status of the specified PinnedImageSet +- `PATCH`: partially update status of the specified PinnedImageSet +- `PUT`: replace status of the specified PinnedImageSet + + +=== /apis/machineconfiguration.openshift.io/v1alpha1/pinnedimagesets + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of PinnedImageSet + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind PinnedImageSet + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.openshift.machineconfiguration.v1alpha1.PinnedImageSetList[`PinnedImageSetList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a PinnedImageSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc#pinnedimageset-machineconfiguration-openshift-io-v1alpha1[`PinnedImageSet`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc#pinnedimageset-machineconfiguration-openshift-io-v1alpha1[`PinnedImageSet`] schema +| 201 - Created +| xref:../machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc#pinnedimageset-machineconfiguration-openshift-io-v1alpha1[`PinnedImageSet`] schema +| 202 - Accepted +| xref:../machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc#pinnedimageset-machineconfiguration-openshift-io-v1alpha1[`PinnedImageSet`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/machineconfiguration.openshift.io/v1alpha1/pinnedimagesets/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the PinnedImageSet +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a PinnedImageSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified PinnedImageSet + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc#pinnedimageset-machineconfiguration-openshift-io-v1alpha1[`PinnedImageSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified PinnedImageSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc#pinnedimageset-machineconfiguration-openshift-io-v1alpha1[`PinnedImageSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified PinnedImageSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc#pinnedimageset-machineconfiguration-openshift-io-v1alpha1[`PinnedImageSet`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc#pinnedimageset-machineconfiguration-openshift-io-v1alpha1[`PinnedImageSet`] schema +| 201 - Created +| xref:../machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc#pinnedimageset-machineconfiguration-openshift-io-v1alpha1[`PinnedImageSet`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/machineconfiguration.openshift.io/v1alpha1/pinnedimagesets/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the PinnedImageSet +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified PinnedImageSet + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc#pinnedimageset-machineconfiguration-openshift-io-v1alpha1[`PinnedImageSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified PinnedImageSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc#pinnedimageset-machineconfiguration-openshift-io-v1alpha1[`PinnedImageSet`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified PinnedImageSet + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc#pinnedimageset-machineconfiguration-openshift-io-v1alpha1[`PinnedImageSet`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc#pinnedimageset-machineconfiguration-openshift-io-v1alpha1[`PinnedImageSet`] schema +| 201 - Created +| xref:../machine_apis/pinnedimageset-machineconfiguration-openshift-io-v1alpha1.adoc#pinnedimageset-machineconfiguration-openshift-io-v1alpha1[`PinnedImageSet`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/metadata_apis/metadata-apis-index.adoc b/rest_api/metadata_apis/metadata-apis-index.adoc index 8643ec26cc..11f3e6e605 100644 --- a/rest_api/metadata_apis/metadata-apis-index.adoc +++ b/rest_api/metadata_apis/metadata-apis-index.adoc @@ -107,3 +107,19 @@ Namespace provides a scope for Names. Use of multiple namespaces is optional. Type:: `object` +== SharedConfigMap [sharedresource.openshift.io/v1alpha1] + +Description:: ++ +-- +SharedConfigMap allows a ConfigMap to be shared across namespaces. Pods can mount the shared ConfigMap by adding a CSI volume to the pod specification using the "csi.sharedresource.openshift.io" CSI driver and a reference to the SharedConfigMap in the volume attributes: + spec: volumes: - name: shared-configmap csi: driver: csi.sharedresource.openshift.io volumeAttributes: sharedConfigMap: my-share + For the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedConfigMap object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects. + `oc create role shared-resource-my-share --verb=use --resource=sharedconfigmaps.sharedresource.openshift.io --resource-name=my-share` `oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default` + Shared resource objects, in this case ConfigMaps, have default permissions of list, get, and watch for system authenticated users. + Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support. +-- + +Type:: + `object` + diff --git a/rest_api/metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc b/rest_api/metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc new file mode 100644 index 0000000000..b0e165c676 --- /dev/null +++ b/rest_api/metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc @@ -0,0 +1,539 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="sharedconfigmap-sharedresource-openshift-io-v1alpha1"] += SharedConfigMap [sharedresource.openshift.io/v1alpha1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +SharedConfigMap allows a ConfigMap to be shared across namespaces. Pods can mount the shared ConfigMap by adding a CSI volume to the pod specification using the "csi.sharedresource.openshift.io" CSI driver and a reference to the SharedConfigMap in the volume attributes: + spec: volumes: - name: shared-configmap csi: driver: csi.sharedresource.openshift.io volumeAttributes: sharedConfigMap: my-share + For the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedConfigMap object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects. + `oc create role shared-resource-my-share --verb=use --resource=sharedconfigmaps.sharedresource.openshift.io --resource-name=my-share` `oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default` + Shared resource objects, in this case ConfigMaps, have default permissions of list, get, and watch for system authenticated users. + Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support. +-- + +Type:: + `object` + + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| spec is the specification of the desired shared configmap + +| `status` +| `object` +| status is the observed status of the shared configmap + +|=== +=== .spec +Description:: ++ +-- +spec is the specification of the desired shared configmap +-- + +Type:: + `object` + +Required:: + - `configMapRef` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `configMapRef` +| `object` +| configMapRef is a reference to the ConfigMap to share + +| `description` +| `string` +| description is a user readable explanation of what the backing resource provides. + +|=== +=== .spec.configMapRef +Description:: ++ +-- +configMapRef is a reference to the ConfigMap to share +-- + +Type:: + `object` + +Required:: + - `name` + - `namespace` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name represents the name of the ConfigMap that is being referenced. + +| `namespace` +| `string` +| namespace represents the namespace where the referenced ConfigMap is located. + +|=== +=== .status +Description:: ++ +-- +status is the observed status of the shared configmap +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller. + +| `conditions[]` +| `object` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } + +|=== +=== .status.conditions +Description:: ++ +-- +conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `message` + - `reason` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + +| `message` +| `string` +| message is a human readable message indicating details about the transition. This may be an empty string. + +| `observedGeneration` +| `integer` +| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + +| `reason` +| `string` +| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + +| `status` +| `string` +| status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/sharedresource.openshift.io/v1alpha1/sharedconfigmaps` +- `DELETE`: delete collection of SharedConfigMap +- `GET`: list objects of kind SharedConfigMap +- `POST`: create a SharedConfigMap +* `/apis/sharedresource.openshift.io/v1alpha1/sharedconfigmaps/{name}` +- `DELETE`: delete a SharedConfigMap +- `GET`: read the specified SharedConfigMap +- `PATCH`: partially update the specified SharedConfigMap +- `PUT`: replace the specified SharedConfigMap +* `/apis/sharedresource.openshift.io/v1alpha1/sharedconfigmaps/{name}/status` +- `GET`: read status of the specified SharedConfigMap +- `PATCH`: partially update status of the specified SharedConfigMap +- `PUT`: replace status of the specified SharedConfigMap + + +=== /apis/sharedresource.openshift.io/v1alpha1/sharedconfigmaps + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of SharedConfigMap + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind SharedConfigMap + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.openshift.sharedresource.v1alpha1.SharedConfigMapList[`SharedConfigMapList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a SharedConfigMap + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc#sharedconfigmap-sharedresource-openshift-io-v1alpha1[`SharedConfigMap`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc#sharedconfigmap-sharedresource-openshift-io-v1alpha1[`SharedConfigMap`] schema +| 201 - Created +| xref:../metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc#sharedconfigmap-sharedresource-openshift-io-v1alpha1[`SharedConfigMap`] schema +| 202 - Accepted +| xref:../metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc#sharedconfigmap-sharedresource-openshift-io-v1alpha1[`SharedConfigMap`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/sharedresource.openshift.io/v1alpha1/sharedconfigmaps/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the SharedConfigMap +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a SharedConfigMap + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified SharedConfigMap + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc#sharedconfigmap-sharedresource-openshift-io-v1alpha1[`SharedConfigMap`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified SharedConfigMap + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc#sharedconfigmap-sharedresource-openshift-io-v1alpha1[`SharedConfigMap`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified SharedConfigMap + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc#sharedconfigmap-sharedresource-openshift-io-v1alpha1[`SharedConfigMap`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc#sharedconfigmap-sharedresource-openshift-io-v1alpha1[`SharedConfigMap`] schema +| 201 - Created +| xref:../metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc#sharedconfigmap-sharedresource-openshift-io-v1alpha1[`SharedConfigMap`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/sharedresource.openshift.io/v1alpha1/sharedconfigmaps/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the SharedConfigMap +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified SharedConfigMap + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc#sharedconfigmap-sharedresource-openshift-io-v1alpha1[`SharedConfigMap`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified SharedConfigMap + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc#sharedconfigmap-sharedresource-openshift-io-v1alpha1[`SharedConfigMap`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified SharedConfigMap + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc#sharedconfigmap-sharedresource-openshift-io-v1alpha1[`SharedConfigMap`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc#sharedconfigmap-sharedresource-openshift-io-v1alpha1[`SharedConfigMap`] schema +| 201 - Created +| xref:../metadata_apis/sharedconfigmap-sharedresource-openshift-io-v1alpha1.adoc#sharedconfigmap-sharedresource-openshift-io-v1alpha1[`SharedConfigMap`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc index c9ba6d197d..391a01b3ab 100644 --- a/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc @@ -41,18 +41,22 @@ Required:: | `spec` | `object` -| Specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +| Specification of the desired behavior of the Alertmanager cluster. More info: +https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | `status` | `object` -| Most recent observed status of the Alertmanager cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +| Most recent observed status of the Alertmanager cluster. Read-only. +More info: +https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |=== === .spec Description:: + -- -Specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +Specification of the desired behavior of the Alertmanager cluster. More info: +https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status -- Type:: @@ -75,11 +79,13 @@ Type:: | `alertmanagerConfigMatcherStrategy` | `object` -| The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. In the future more options may be added. +| The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. +In the future more options may be added. | `alertmanagerConfigNamespaceSelector` | `object` -| Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. +| Namespaces to be selected for AlertmanagerConfig discovery. If nil, only +check own namespace. | `alertmanagerConfigSelector` | `object` @@ -87,21 +93,30 @@ Type:: | `alertmanagerConfiguration` | `object` -| alertmanagerConfiguration specifies the configuration of Alertmanager. - If defined, it takes precedence over the `configSecret` field. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. +| alertmanagerConfiguration specifies the configuration of Alertmanager. + + +If defined, it takes precedence over the `configSecret` field. + + +This is an *experimental feature*, it may change in any upcoming release +in a breaking way. | `automountServiceAccountToken` | `boolean` -| AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the service account has `automountServiceAccountToken: true`, set the field to `false` to opt out of automounting API credentials. +| AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. +If the service account has `automountServiceAccountToken: true`, set the field to `false` to opt out of automounting API credentials. | `baseImage` | `string` -| Base image that is used to deploy pods, without tag. Deprecated: use 'image' instead. +| Base image that is used to deploy pods, without tag. +Deprecated: use 'image' instead. | `clusterAdvertiseAddress` | `string` -| ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918 +| ClusterAdvertiseAddress is the explicit address to advertise in cluster. +Needs to be provided for non RFC1918 [1] (public) addresses. +[1] RFC1918: https://tools.ietf.org/html/rfc1918 | `clusterGossipInterval` | `string` @@ -109,7 +124,8 @@ Type:: | `clusterLabel` | `string` -| Defines the identifier that uniquely identifies the Alertmanager cluster. You should only set it when the Alertmanager cluster includes Alertmanager instances which are external to this Alertmanager resource. In practice, the addresses of the external instances are provided via the `.spec.additionalPeers` field. +| Defines the identifier that uniquely identifies the Alertmanager cluster. +You should only set it when the Alertmanager cluster includes Alertmanager instances which are external to this Alertmanager resource. In practice, the addresses of the external instances are provided via the `.spec.additionalPeers` field. | `clusterPeerTimeout` | `string` @@ -121,17 +137,38 @@ Type:: | `configMaps` | `array (string)` -| ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. The ConfigMaps are mounted into `/etc/alertmanager/configmaps/` in the 'alertmanager' container. +| ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager +object, which shall be mounted into the Alertmanager Pods. +Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. +The ConfigMaps are mounted into `/etc/alertmanager/configmaps/` in the 'alertmanager' container. | `configSecret` | `string` -| ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains the configuration for this Alertmanager instance. If empty, it defaults to `alertmanager-`. - The Alertmanager configuration should be available under the `alertmanager.yaml` key. Additional keys from the original secret are copied to the generated secret and mounted into the `/etc/alertmanager/config` directory in the `alertmanager` container. - If either the secret or the `alertmanager.yaml` key is missing, the operator provisions a minimal Alertmanager configuration with one empty receiver (effectively dropping alert notifications). +| ConfigSecret is the name of a Kubernetes Secret in the same namespace as the +Alertmanager object, which contains the configuration for this Alertmanager +instance. If empty, it defaults to `alertmanager-`. + + +The Alertmanager configuration should be available under the +`alertmanager.yaml` key. Additional keys from the original secret are +copied to the generated secret and mounted into the +`/etc/alertmanager/config` directory in the `alertmanager` container. + + +If either the secret or the `alertmanager.yaml` key is missing, the +operator provisions a minimal Alertmanager configuration with one empty +receiver (effectively dropping alert notifications). | `containers` | `array` -| Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `alertmanager` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. +| Containers allows injecting additional containers. This is meant to +allow adding an authentication proxy to an Alertmanager pod. +Containers described here modify an operator generated container if they +share the same name and modifications are done via a strategic merge +patch. The current container names are: `alertmanager` and +`config-reloader`. Overriding containers is entirely outside the scope +of what the maintainers will support and by doing so, you accept that +this behaviour may break at any time without notice. | `containers[]` | `object` @@ -139,16 +176,24 @@ Type:: | `enableFeatures` | `array (string)` -| Enable access to Alertmanager feature flags. By default, no features are enabled. Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. - It requires Alertmanager >= 0.27.0. +| Enable access to Alertmanager feature flags. By default, no features are enabled. +Enabling features which are disabled by default is entirely outside the +scope of what the maintainers will support and by doing so, you accept +that this behaviour may break at any time without notice. + + +It requires Alertmanager >= 0.27.0. | `externalUrl` | `string` -| The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. +| The external URL the Alertmanager instances will be available under. This is +necessary to generate correct URLs. This is necessary if Alertmanager is not +served from root of a DNS name. | `forceEnableClusterMode` | `boolean` -| ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. +| ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. +Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. | `hostAliases` | `array` @@ -156,27 +201,43 @@ Type:: | `hostAliases[]` | `object` -| HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. +| HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the +pod's hosts file. | `image` | `string` -| Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured. +| Image if specified has precedence over baseImage, tag and sha +combinations. Specifying the version is still necessary to ensure the +Prometheus Operator knows what version of Alertmanager is being +configured. | `imagePullPolicy` | `string` -| Image pull policy for the 'alertmanager', 'init-config-reloader' and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. +| Image pull policy for the 'alertmanager', 'init-config-reloader' and 'config-reloader' containers. +See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. | `imagePullSecrets` | `array` -| An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod +| An optional list of references to secrets in the same namespace +to use for pulling prometheus and alertmanager images from registries +see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod | `imagePullSecrets[]` | `object` -| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. +| LocalObjectReference contains enough information to let you locate the +referenced object inside the same namespace. | `initContainers` | `array` -| InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The current init container name is: `init-config-reloader`. Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. +| InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. +fetch secrets for injection into the Alertmanager configuration from external sources. Any +errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +InitContainers described here modify an operator +generated init containers if they share the same name and modifications are +done via a strategic merge patch. The current init container name is: +`init-config-reloader`. Overriding init containers is entirely outside the +scope of what the maintainers will support and by doing so, you accept that +this behaviour may break at any time without notice. | `initContainers[]` | `object` @@ -184,7 +245,9 @@ Type:: | `listenLocal` | `boolean` -| ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication. +| ListenLocal makes the Alertmanager server listen on loopback, so that it +does not bind against the Pod IP. Note this is only for the Alertmanager +UI, not the gossip communication. | `logFormat` | `string` @@ -196,7 +259,10 @@ Type:: | `minReadySeconds` | `integer` -| Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. +| Minimum number of seconds for which a newly created pod should be ready +without any of its container crashing for it to be considered available. +Defaults to 0 (pod will be considered available as soon as it is ready) +This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. | `nodeSelector` | `object (string)` @@ -204,16 +270,26 @@ Type:: | `paused` | `boolean` -| If set to true all actions on the underlying managed objects are not goint to be performed, except for delete actions. +| If set to true all actions on the underlying managed objects are not +goint to be performed, except for delete actions. | `podMetadata` | `object` -| PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. - The following items are reserved and cannot be overridden: * "alertmanager" label, set to the name of the Alertmanager instance. * "app.kubernetes.io/instance" label, set to the name of the Alertmanager instance. * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". * "app.kubernetes.io/name" label, set to "alertmanager". * "app.kubernetes.io/version" label, set to the Alertmanager version. * "kubectl.kubernetes.io/default-container" annotation, set to "alertmanager". +| PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. + + +The following items are reserved and cannot be overridden: +* "alertmanager" label, set to the name of the Alertmanager instance. +* "app.kubernetes.io/instance" label, set to the name of the Alertmanager instance. +* "app.kubernetes.io/managed-by" label, set to "prometheus-operator". +* "app.kubernetes.io/name" label, set to "alertmanager". +* "app.kubernetes.io/version" label, set to the Alertmanager version. +* "kubectl.kubernetes.io/default-container" annotation, set to "alertmanager". | `portName` | `string` -| Port name used for the pods and governing service. Defaults to `web`. +| Port name used for the pods and governing service. +Defaults to `web`. | `priorityClassName` | `string` @@ -221,7 +297,9 @@ Type:: | `replicas` | `integer` -| Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size. +| Size is the expected size of the alertmanager cluster. The controller will +eventually make the size of the running cluster equal to the expected +size. | `resources` | `object` @@ -229,35 +307,50 @@ Type:: | `retention` | `string` -| Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms\|s\|m\|h)` (milliseconds seconds minutes hours). +| Time duration Alertmanager shall retain data for. Default is '120h', +and must match the regular expression `[0-9]+(ms\|s\|m\|h)` (milliseconds seconds minutes hours). | `routePrefix` | `string` -| The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. +| The route prefix Alertmanager registers HTTP handlers for. This is useful, +if using ExternalURL and a proxy is rewriting HTTP routes of a request, +and the actual ExternalURL is still true, but the server serves requests +under a different route prefix. For example for use with `kubectl proxy`. | `secrets` | `array (string)` -| Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. Each Secret is added to the StatefulSet definition as a volume named `secret-`. The Secrets are mounted into `/etc/alertmanager/secrets/` in the 'alertmanager' container. +| Secrets is a list of Secrets in the same namespace as the Alertmanager +object, which shall be mounted into the Alertmanager Pods. +Each Secret is added to the StatefulSet definition as a volume named `secret-`. +The Secrets are mounted into `/etc/alertmanager/secrets/` in the 'alertmanager' container. | `securityContext` | `object` -| SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. +| SecurityContext holds pod-level security attributes and common container settings. +This defaults to the default PodSecurityContext. | `serviceAccountName` | `string` -| ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. +| ServiceAccountName is the name of the ServiceAccount to use to run the +Prometheus Pods. | `sha` | `string` -| SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL. +| SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. +Similar to a tag, but the SHA explicitly deploys an immutable container image. +Version and Tag are ignored if SHA is set. +Deprecated: use 'image' instead. The image digest can be specified as part of the image URL. | `storage` | `object` -| Storage is the definition of how storage will be used by the Alertmanager instances. +| Storage is the definition of how storage will be used by the Alertmanager +instances. | `tag` | `string` -| Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL. +| Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. +Version is ignored if Tag is set. +Deprecated: use 'image' instead. The image tag can be specified as part of the image URL. | `tolerations` | `array` @@ -265,7 +358,8 @@ Type:: | `tolerations[]` | `object` -| The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +| The pod this Toleration is attached to tolerates any taint that matches +the triple using the matching operator . | `topologySpreadConstraints` | `array` @@ -281,7 +375,9 @@ Type:: | `volumeMounts` | `array` -| VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects. +| VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. +VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, +that are generated as a result of StorageSpec objects. | `volumeMounts[]` | `object` @@ -289,7 +385,9 @@ Type:: | `volumes` | `array` -| Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. +| Volumes allows configuration of additional volumes on the output StatefulSet definition. +Volumes specified will be appended to other volumes that are generated as a result of +StorageSpec objects. | `volumes[]` | `object` @@ -349,22 +447,43 @@ Type:: | `preferredDuringSchedulingIgnoredDuringExecution` | `array` -| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. +| The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node matches the corresponding matchExpressions; the +node(s) with the highest sum are the most preferred. | `preferredDuringSchedulingIgnoredDuringExecution[]` | `object` -| An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +| An empty preferred scheduling term matches all objects with implicit weight 0 +(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). | `requiredDuringSchedulingIgnoredDuringExecution` | `object` -| If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +| If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node. |=== === .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution Description:: + -- -The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. +The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node matches the corresponding matchExpressions; the +node(s) with the highest sum are the most preferred. -- Type:: @@ -377,7 +496,8 @@ Type:: Description:: + -- -An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +An empty preferred scheduling term matches all objects with implicit weight 0 +(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). -- Type:: @@ -425,7 +545,8 @@ Type:: | `matchExpressions[]` | `object` -| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. | `matchFields` | `array` @@ -433,7 +554,8 @@ Type:: | `matchFields[]` | `object` -| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. |=== === .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions @@ -453,7 +575,8 @@ Type:: Description:: + -- -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. -- Type:: @@ -475,11 +598,16 @@ Required:: | `operator` | `string` -| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +| Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. | `values` | `array (string)` -| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. +| An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch. |=== === .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields @@ -499,7 +627,8 @@ Type:: Description:: + -- -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. -- Type:: @@ -521,18 +650,27 @@ Required:: | `operator` | `string` -| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +| Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. | `values` | `array (string)` -| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. +| An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch. |=== === .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution Description:: + -- -If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node. -- Type:: @@ -553,7 +691,9 @@ Required:: | `nodeSelectorTerms[]` | `object` -| A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +| A null or empty node selector term matches no objects. The requirements of +them are ANDed. +The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. |=== === .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms @@ -573,7 +713,9 @@ Type:: Description:: + -- -A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +A null or empty node selector term matches no objects. The requirements of +them are ANDed. +The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. -- Type:: @@ -592,7 +734,8 @@ Type:: | `matchExpressions[]` | `object` -| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. | `matchFields` | `array` @@ -600,7 +743,8 @@ Type:: | `matchFields[]` | `object` -| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. |=== === .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions @@ -620,7 +764,8 @@ Type:: Description:: + -- -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. -- Type:: @@ -642,11 +787,16 @@ Required:: | `operator` | `string` -| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +| Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. | `values` | `array (string)` -| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. +| An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch. |=== === .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields @@ -666,7 +816,8 @@ Type:: Description:: + -- -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. -- Type:: @@ -688,11 +839,16 @@ Required:: | `operator` | `string` -| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. +| Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. | `values` | `array (string)` -| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. +| An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch. |=== === .spec.affinity.podAffinity @@ -714,7 +870,15 @@ Type:: | `preferredDuringSchedulingIgnoredDuringExecution` | `array` -| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. +| The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred. | `preferredDuringSchedulingIgnoredDuringExecution[]` | `object` @@ -722,18 +886,37 @@ Type:: | `requiredDuringSchedulingIgnoredDuringExecution` | `array` -| If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. +| If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied. | `requiredDuringSchedulingIgnoredDuringExecution[]` | `object` -| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +| Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running |=== === .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution Description:: + -- -The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. +The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred. -- Type:: @@ -768,7 +951,8 @@ Required:: | `weight` | `integer` -| weight associated with matching the corresponding podAffinityTerm, in the range 1-100. +| weight associated with matching the corresponding podAffinityTerm, +in the range 1-100. |=== === .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm @@ -792,34 +976,63 @@ Required:: | `labelSelector` | `object` -| A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +| A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. | `matchLabelKeys` | `array (string)` -| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +| MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. | `mismatchLabelKeys` | `array (string)` -| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +| MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. | `namespaceSelector` | `object` -| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +| A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. | `namespaces` | `array (string)` -| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". +| namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace". | `topologyKey` | `string` -| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. +| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed. |=== === .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector Description:: + -- -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. -- Type:: @@ -838,11 +1051,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions @@ -862,7 +1078,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -884,18 +1101,26 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector Description:: + -- -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. -- Type:: @@ -914,11 +1139,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions @@ -938,7 +1166,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -960,18 +1189,28 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution Description:: + -- -If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. +If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied. -- Type:: @@ -984,7 +1223,12 @@ Type:: Description:: + -- -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running -- Type:: @@ -1001,34 +1245,63 @@ Required:: | `labelSelector` | `object` -| A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +| A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. | `matchLabelKeys` | `array (string)` -| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +| MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. | `mismatchLabelKeys` | `array (string)` -| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +| MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. | `namespaceSelector` | `object` -| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +| A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. | `namespaces` | `array (string)` -| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". +| namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace". | `topologyKey` | `string` -| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. +| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed. |=== === .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector Description:: + -- -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. -- Type:: @@ -1047,11 +1320,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions @@ -1071,7 +1347,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -1093,18 +1370,26 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector Description:: + -- -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. -- Type:: @@ -1123,11 +1408,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions @@ -1147,7 +1435,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -1169,11 +1458,15 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.affinity.podAntiAffinity @@ -1195,7 +1488,15 @@ Type:: | `preferredDuringSchedulingIgnoredDuringExecution` | `array` -| The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. +| The scheduler will prefer to schedule pods to nodes that satisfy +the anti-affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling anti-affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred. | `preferredDuringSchedulingIgnoredDuringExecution[]` | `object` @@ -1203,18 +1504,37 @@ Type:: | `requiredDuringSchedulingIgnoredDuringExecution` | `array` -| If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. +| If the anti-affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the anti-affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied. | `requiredDuringSchedulingIgnoredDuringExecution[]` | `object` -| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +| Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running |=== === .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution Description:: + -- -The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. +The scheduler will prefer to schedule pods to nodes that satisfy +the anti-affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling anti-affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred. -- Type:: @@ -1249,7 +1569,8 @@ Required:: | `weight` | `integer` -| weight associated with matching the corresponding podAffinityTerm, in the range 1-100. +| weight associated with matching the corresponding podAffinityTerm, +in the range 1-100. |=== === .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm @@ -1273,34 +1594,63 @@ Required:: | `labelSelector` | `object` -| A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +| A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. | `matchLabelKeys` | `array (string)` -| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +| MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. | `mismatchLabelKeys` | `array (string)` -| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +| MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. | `namespaceSelector` | `object` -| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +| A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. | `namespaces` | `array (string)` -| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". +| namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace". | `topologyKey` | `string` -| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. +| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed. |=== === .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector Description:: + -- -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. -- Type:: @@ -1319,11 +1669,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions @@ -1343,7 +1696,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -1365,18 +1719,26 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector Description:: + -- -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. -- Type:: @@ -1395,11 +1757,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions @@ -1419,7 +1784,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -1441,18 +1807,28 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution Description:: + -- -If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. +If the anti-affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the anti-affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied. -- Type:: @@ -1465,7 +1841,12 @@ Type:: Description:: + -- -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running -- Type:: @@ -1482,34 +1863,63 @@ Required:: | `labelSelector` | `object` -| A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +| A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. | `matchLabelKeys` | `array (string)` -| MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +| MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both matchLabelKeys and labelSelector. +Also, matchLabelKeys cannot be set when labelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. | `mismatchLabelKeys` | `array (string)` -| MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +| MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. +Also, mismatchLabelKeys cannot be set when labelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. | `namespaceSelector` | `object` -| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +| A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. | `namespaces` | `array (string)` -| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". +| namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace". | `topologyKey` | `string` -| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. +| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed. |=== === .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector Description:: + -- -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. -- Type:: @@ -1528,11 +1938,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions @@ -1552,7 +1965,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -1574,18 +1988,26 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector Description:: + -- -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. -- Type:: @@ -1604,11 +2026,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions @@ -1628,7 +2053,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -1650,18 +2076,23 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.alertmanagerConfigMatcherStrategy Description:: + -- -The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. In the future more options may be added. +The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. +In the future more options may be added. -- Type:: @@ -1676,14 +2107,17 @@ Type:: | `type` | `string` -| If set to `OnNamespace`, the operator injects a label matcher matching the namespace of the AlertmanagerConfig object for all its routes and inhibition rules. `None` will not add any additional matchers other than the ones specified in the AlertmanagerConfig. Default is `OnNamespace`. +| If set to `OnNamespace`, the operator injects a label matcher matching the namespace of the AlertmanagerConfig object for all its routes and inhibition rules. +`None` will not add any additional matchers other than the ones specified in the AlertmanagerConfig. +Default is `OnNamespace`. |=== === .spec.alertmanagerConfigNamespaceSelector Description:: + -- -Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. +Namespaces to be selected for AlertmanagerConfig discovery. If nil, only +check own namespace. -- Type:: @@ -1702,11 +2136,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.alertmanagerConfigNamespaceSelector.matchExpressions @@ -1726,7 +2163,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -1748,11 +2186,15 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.alertmanagerConfigSelector @@ -1778,11 +2220,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.alertmanagerConfigSelector.matchExpressions @@ -1802,7 +2247,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -1824,20 +2270,29 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.alertmanagerConfiguration Description:: + -- -alertmanagerConfiguration specifies the configuration of Alertmanager. - If defined, it takes precedence over the `configSecret` field. - This is an *experimental feature*, it may change in any upcoming release in a breaking way. +alertmanagerConfiguration specifies the configuration of Alertmanager. + + +If defined, it takes precedence over the `configSecret` field. + + +This is an *experimental feature*, it may change in any upcoming release +in a breaking way. -- Type:: @@ -1856,7 +2311,9 @@ Type:: | `name` | `string` -| The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration. It must be defined in the same namespace as the Alertmanager object. The operator will not enforce a `namespace` label for routes and inhibition rules. +| The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration. +It must be defined in the same namespace as the Alertmanager object. +The operator will not enforce a `namespace` label for routes and inhibition rules. | `templates` | `array` @@ -1902,7 +2359,9 @@ Type:: | `resolveTimeout` | `string` -| ResolveTimeout is the default value used by alertmanager if the alert does not include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated. This has no impact on alerts from Prometheus, as they always include EndsAt. +| ResolveTimeout is the default value used by alertmanager if the alert does +not include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated. +This has no impact on alerts from Prometheus, as they always include EndsAt. | `slackApiUrl` | `object` @@ -1932,15 +2391,20 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +| Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +| BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the Alertmanager object and accessible by the Prometheus Operator. +| The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the Alertmanager +object and accessible by the Prometheus Operator. | `followRedirects` | `boolean` @@ -1963,7 +2427,8 @@ Type:: Description:: + -- -Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- Type:: @@ -1982,9 +2447,13 @@ Type:: | `type` | `string` -| Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" +| Defines the authentication type. The value is case-insensitive. + + +"Basic" is not a supported value. + + +Default: "Bearer" |=== === .spec.alertmanagerConfiguration.global.httpConfig.authorization.credentials @@ -2012,7 +2481,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2023,7 +2498,8 @@ Required:: Description:: + -- -BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- Type:: @@ -2038,18 +2514,21 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for authentication. +| `password` specifies a key of a Secret containing the password for +authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for authentication. +| `username` specifies a key of a Secret containing the username for +authentication. |=== === .spec.alertmanagerConfiguration.global.httpConfig.basicAuth.password Description:: + -- -`password` specifies a key of a Secret containing the password for authentication. +`password` specifies a key of a Secret containing the password for +authentication. -- Type:: @@ -2070,7 +2549,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2081,7 +2566,8 @@ Required:: Description:: + -- -`username` specifies a key of a Secret containing the username for authentication. +`username` specifies a key of a Secret containing the username for +authentication. -- Type:: @@ -2102,7 +2588,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2113,7 +2605,10 @@ Required:: Description:: + -- -The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the Alertmanager object and accessible by the Prometheus Operator. +The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the Alertmanager +object and accessible by the Prometheus Operator. -- Type:: @@ -2134,7 +2629,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2164,15 +2665,18 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +| `clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +| `clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token URL. +| `endpointParams` configures the HTTP parameters to append to the token +URL. | `scopes` | `array (string)` @@ -2187,7 +2691,8 @@ Required:: Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +`clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. -- Type:: @@ -2234,7 +2739,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2266,7 +2777,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2277,7 +2794,8 @@ Required:: Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +`clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. -- Type:: @@ -2298,7 +2816,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2394,7 +2918,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2426,7 +2956,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2484,7 +3020,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2516,7 +3058,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2548,7 +3096,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2580,7 +3134,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2612,7 +3172,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2644,7 +3210,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2694,7 +3266,8 @@ Type:: | `requireTLS` | `boolean` -| The default SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. +| The default SMTP TLS requirement. +Note that Go does not support unencrypted connections to remote SMTP endpoints. | `smartHost` | `object` @@ -2726,7 +3299,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2758,7 +3337,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2858,7 +3443,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2890,7 +3481,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2901,7 +3498,14 @@ Required:: Description:: + -- -Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `alertmanager` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. +Containers allows injecting additional containers. This is meant to +allow adding an authentication proxy to an Alertmanager pod. +Containers described here modify an operator generated container if they +share the same name and modifications are done via a strategic merge +patch. The current container names are: `alertmanager` and +`config-reloader`. Overriding containers is entirely outside the scope +of what the maintainers will support and by doing so, you accept that +this behaviour may break at any time without notice. -- Type:: @@ -2931,15 +3535,30 @@ Required:: | `args` | `array (string)` -| Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +| Arguments to the entrypoint. +The container image's CMD is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell | `command` | `array (string)` -| Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +| Entrypoint array. Not executed within a shell. +The container image's ENTRYPOINT is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell | `env` | `array` -| List of environment variables to set in the container. Cannot be updated. +| List of environment variables to set in the container. +Cannot be updated. | `env[]` | `object` @@ -2947,7 +3566,12 @@ Required:: | `envFrom` | `array` -| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +| List of sources to populate environment variables in the container. +The keys defined within a source must be a C_IDENTIFIER. All invalid keys +will be reported as an event when the container is starting. When a key exists in multiple +sources, the value associated with the last source will take precedence. +Values defined by an Env with a duplicate key will take precedence. +Cannot be updated. | `envFrom[]` | `object` @@ -2955,27 +3579,46 @@ Required:: | `image` | `string` -| Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. +| Container image name. +More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets. | `imagePullPolicy` | `string` -| Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images +| Image pull policy. +One of Always, Never, IfNotPresent. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | `lifecycle` | `object` -| Actions that the management system should take in response to container lifecycle events. Cannot be updated. +| Actions that the management system should take in response to container lifecycle events. +Cannot be updated. | `livenessProbe` | `object` -| Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | `name` | `string` -| Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. +| Name of the container specified as a DNS_LABEL. +Each container in a pod must have a unique name (DNS_LABEL). +Cannot be updated. | `ports` | `array` -| List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. +| List of ports to expose from the container. Not specifying a port here +DOES NOT prevent that port from being exposed. Any port which is +listening on the default "0.0.0.0" address inside a container will be +accessible from the network. +Modifying this array with strategic merge patch may corrupt the data. +For more information See https://github.com/kubernetes/kubernetes/issues/108255. +Cannot be updated. | `ports[]` | `object` @@ -2983,7 +3626,10 @@ Required:: | `readinessProbe` | `object` -| Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | `resizePolicy` | `array` @@ -2995,39 +3641,84 @@ Required:: | `resources` | `object` -| Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | `restartPolicy` | `string` -| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| RestartPolicy defines the restart behavior of individual containers in a pod. +This field may only be set for init containers, and the only allowed value is "Always". +For non-init containers or when this field is not specified, +the restart behavior is defined by the Pod's restart policy and the container type. +Setting the RestartPolicy as "Always" for the init container will have the following effect: +this init container will be continually restarted on +exit until all regular containers have terminated. Once all regular +containers have completed, all init containers with restartPolicy "Always" +will be shut down. This lifecycle differs from normal init containers and +is often referred to as a "sidecar" container. Although this init +container still starts in the init container sequence, it does not wait +for the container to complete before proceeding to the next init +container. Instead, the next init container starts immediately after this +init container is started, or after any startupProbe has successfully +completed. | `securityContext` | `object` -| SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +| SecurityContext defines the security options the container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | `startupProbe` | `object` -| StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | `stdin` | `boolean` -| Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. +| Whether this container should allocate a buffer for stdin in the container runtime. If this +is not set, reads from stdin in the container will always result in EOF. +Default is false. | `stdinOnce` | `boolean` -| Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false +| Whether the container runtime should close the stdin channel after it has been opened by +a single attach. When stdin is true the stdin stream will remain open across multiple attach +sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the +first client attaches to stdin, and then remains open and accepts data until the client disconnects, +at which time stdin is closed and remains closed until the container is restarted. If this +flag is false, a container processes that reads from stdin will never receive an EOF. +Default is false | `terminationMessagePath` | `string` -| Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. +| Optional: Path at which the file to which the container's termination message +will be written is mounted into the container's filesystem. +Message written is intended to be brief final status, such as an assertion failure message. +Will be truncated by the node if greater than 4096 bytes. The total message length across +all containers will be limited to 12kb. +Defaults to /dev/termination-log. +Cannot be updated. | `terminationMessagePolicy` | `string` -| Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. +| Indicate how the termination message should be populated. File will use the contents of +terminationMessagePath to populate the container status message on both success and failure. +FallbackToLogsOnError will use the last chunk of container log output if the termination +message file is empty and the container exited with an error. +The log output is limited to 2048 bytes or 80 lines, whichever is smaller. +Defaults to File. +Cannot be updated. | `tty` | `boolean` -| Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. +| Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. +Default is false. | `volumeDevices` | `array` @@ -3039,7 +3730,8 @@ Required:: | `volumeMounts` | `array` -| Pod volumes to mount into the container's filesystem. Cannot be updated. +| Pod volumes to mount into the container's filesystem. +Cannot be updated. | `volumeMounts[]` | `object` @@ -3047,14 +3739,18 @@ Required:: | `workingDir` | `string` -| Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. +| Container's working directory. +If not specified, the container runtime's default will be used, which +might be configured in the container image. +Cannot be updated. |=== === .spec.containers[].env Description:: + -- -List of environment variables to set in the container. Cannot be updated. +List of environment variables to set in the container. +Cannot be updated. -- Type:: @@ -3088,7 +3784,15 @@ Required:: | `value` | `string` -| Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". +| Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "". | `valueFrom` | `object` @@ -3118,11 +3822,13 @@ Type:: | `fieldRef` | `object` -| Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +| Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. | `resourceFieldRef` | `object` -| Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +| Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. | `secretKeyRef` | `object` @@ -3154,7 +3860,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3165,7 +3877,8 @@ Required:: Description:: + -- -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. -- Type:: @@ -3193,7 +3906,8 @@ Required:: Description:: + -- -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. -- Type:: @@ -3246,7 +3960,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3257,7 +3977,12 @@ Required:: Description:: + -- -List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +List of sources to populate environment variables in the container. +The keys defined within a source must be a C_IDENTIFIER. All invalid keys +will be reported as an event when the container is starting. When a key exists in multiple +sources, the value associated with the last source will take precedence. +Values defined by an Env with a duplicate key will take precedence. +Cannot be updated. -- Type:: @@ -3315,7 +4040,13 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3341,7 +4072,13 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3352,7 +4089,8 @@ Type:: Description:: + -- -Actions that the management system should take in response to container lifecycle events. Cannot be updated. +Actions that the management system should take in response to container lifecycle events. +Cannot be updated. -- Type:: @@ -3367,18 +4105,32 @@ Type:: | `postStart` | `object` -| PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +| PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks | `preStop` | `object` -| PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +| PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks |=== === .spec.containers[].lifecycle.postStart Description:: + -- -PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks -- Type:: @@ -3405,7 +4157,9 @@ Type:: | `tcpSocket` | `object` -| Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +| Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified. |=== === .spec.containers[].lifecycle.postStart.exec @@ -3427,7 +4181,11 @@ Type:: | `command` | `array (string)` -| Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +| Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |=== === .spec.containers[].lifecycle.postStart.httpGet @@ -3451,7 +4209,8 @@ Required:: | `host` | `string` -| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. +| Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead. | `httpHeaders` | `array` @@ -3467,11 +4226,14 @@ Required:: | `port` | `integer-or-string` -| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. | `scheme` | `string` -| Scheme to use for connecting to the host. Defaults to HTTP. +| Scheme to use for connecting to the host. +Defaults to HTTP. |=== === .spec.containers[].lifecycle.postStart.httpGet.httpHeaders @@ -3509,7 +4271,8 @@ Required:: | `name` | `string` -| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. +| The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header. | `value` | `string` @@ -3544,7 +4307,9 @@ Required:: Description:: + -- -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified. -- Type:: @@ -3565,14 +4330,24 @@ Required:: | `port` | `integer-or-string` -| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. |=== === .spec.containers[].lifecycle.preStop Description:: + -- -PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks -- Type:: @@ -3599,7 +4374,9 @@ Type:: | `tcpSocket` | `object` -| Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +| Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified. |=== === .spec.containers[].lifecycle.preStop.exec @@ -3621,7 +4398,11 @@ Type:: | `command` | `array (string)` -| Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +| Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |=== === .spec.containers[].lifecycle.preStop.httpGet @@ -3645,7 +4426,8 @@ Required:: | `host` | `string` -| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. +| Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead. | `httpHeaders` | `array` @@ -3661,11 +4443,14 @@ Required:: | `port` | `integer-or-string` -| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. | `scheme` | `string` -| Scheme to use for connecting to the host. Defaults to HTTP. +| Scheme to use for connecting to the host. +Defaults to HTTP. |=== === .spec.containers[].lifecycle.preStop.httpGet.httpHeaders @@ -3703,7 +4488,8 @@ Required:: | `name` | `string` -| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. +| The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header. | `value` | `string` @@ -3738,7 +4524,9 @@ Required:: Description:: + -- -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified. -- Type:: @@ -3759,14 +4547,19 @@ Required:: | `port` | `integer-or-string` -| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. |=== === .spec.containers[].livenessProbe Description:: + -- -Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- Type:: @@ -3785,7 +4578,8 @@ Type:: | `failureThreshold` | `integer` -| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. +| Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1. | `grpc` | `object` @@ -3797,15 +4591,18 @@ Type:: | `initialDelaySeconds` | `integer` -| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | `periodSeconds` | `integer` -| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +| How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1. | `successThreshold` | `integer` -| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +| Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. | `tcpSocket` | `object` @@ -3813,11 +4610,22 @@ Type:: | `terminationGracePeriodSeconds` | `integer` -| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. | `timeoutSeconds` | `integer` -| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |=== === .spec.containers[].livenessProbe.exec @@ -3839,7 +4647,11 @@ Type:: | `command` | `array (string)` -| Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +| Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |=== === .spec.containers[].livenessProbe.grpc @@ -3867,8 +4679,11 @@ Required:: | `service` | `string` -| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. +| Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC. |=== === .spec.containers[].livenessProbe.httpGet @@ -3892,7 +4707,8 @@ Required:: | `host` | `string` -| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. +| Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead. | `httpHeaders` | `array` @@ -3908,11 +4724,14 @@ Required:: | `port` | `integer-or-string` -| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. | `scheme` | `string` -| Scheme to use for connecting to the host. Defaults to HTTP. +| Scheme to use for connecting to the host. +Defaults to HTTP. |=== === .spec.containers[].livenessProbe.httpGet.httpHeaders @@ -3950,7 +4769,8 @@ Required:: | `name` | `string` -| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. +| The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header. | `value` | `string` @@ -3982,14 +4802,22 @@ Required:: | `port` | `integer-or-string` -| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. |=== === .spec.containers[].ports Description:: + -- -List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. +List of ports to expose from the container. Not specifying a port here +DOES NOT prevent that port from being exposed. Any port which is +listening on the default "0.0.0.0" address inside a container will be +accessible from the network. +Modifying this array with strategic merge patch may corrupt the data. +For more information See https://github.com/kubernetes/kubernetes/issues/108255. +Cannot be updated. -- Type:: @@ -4019,7 +4847,8 @@ Required:: | `containerPort` | `integer` -| Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. +| Number of port to expose on the pod's IP address. +This must be a valid port number, 0 < x < 65536. | `hostIP` | `string` @@ -4027,22 +4856,31 @@ Required:: | `hostPort` | `integer` -| Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. +| Number of port to expose on the host. +If specified, this must be a valid port number, 0 < x < 65536. +If HostNetwork is specified, this must match ContainerPort. +Most containers do not need this. | `name` | `string` -| If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. +| If specified, this must be an IANA_SVC_NAME and unique within the pod. Each +named port in a pod must have a unique name. Name for the port that can be +referred to by services. | `protocol` | `string` -| Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". +| Protocol for port. Must be UDP, TCP, or SCTP. +Defaults to "TCP". |=== === .spec.containers[].readinessProbe Description:: + -- -Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- Type:: @@ -4061,7 +4899,8 @@ Type:: | `failureThreshold` | `integer` -| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. +| Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1. | `grpc` | `object` @@ -4073,15 +4912,18 @@ Type:: | `initialDelaySeconds` | `integer` -| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | `periodSeconds` | `integer` -| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +| How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1. | `successThreshold` | `integer` -| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +| Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. | `tcpSocket` | `object` @@ -4089,11 +4931,22 @@ Type:: | `terminationGracePeriodSeconds` | `integer` -| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. | `timeoutSeconds` | `integer` -| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |=== === .spec.containers[].readinessProbe.exec @@ -4115,7 +4968,11 @@ Type:: | `command` | `array (string)` -| Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +| Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |=== === .spec.containers[].readinessProbe.grpc @@ -4143,8 +5000,11 @@ Required:: | `service` | `string` -| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. +| Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC. |=== === .spec.containers[].readinessProbe.httpGet @@ -4168,7 +5028,8 @@ Required:: | `host` | `string` -| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. +| Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead. | `httpHeaders` | `array` @@ -4184,11 +5045,14 @@ Required:: | `port` | `integer-or-string` -| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. | `scheme` | `string` -| Scheme to use for connecting to the host. Defaults to HTTP. +| Scheme to use for connecting to the host. +Defaults to HTTP. |=== === .spec.containers[].readinessProbe.httpGet.httpHeaders @@ -4226,7 +5090,8 @@ Required:: | `name` | `string` -| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. +| The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header. | `value` | `string` @@ -4258,7 +5123,9 @@ Required:: | `port` | `integer-or-string` -| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. |=== === .spec.containers[].resizePolicy @@ -4296,18 +5163,22 @@ Required:: | `resourceName` | `string` -| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory. +| Name of the resource to which this resource resize policy applies. +Supported values: cpu, memory. | `restartPolicy` | `string` -| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. +| Restart policy to apply when specified resource is resized. +If not specified, it defaults to NotRequired. |=== === .spec.containers[].resources Description:: + -- -Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -- Type:: @@ -4322,9 +5193,15 @@ Type:: | `claims` | `array` -| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. +| Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers. | `claims[]` | `object` @@ -4332,20 +5209,30 @@ Type:: | `limits` | `integer-or-string` -| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | `requests` | `integer-or-string` -| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |=== === .spec.containers[].resources.claims Description:: + -- -Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. +Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers. -- Type:: @@ -4375,14 +5262,18 @@ Required:: | `name` | `string` -| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. +| Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container. |=== === .spec.containers[].securityContext Description:: + -- -SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +SecurityContext defines the security options the container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -- Type:: @@ -4397,54 +5288,139 @@ Type:: | `allowPrivilegeEscalation` | `boolean` -| AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. +| AllowPrivilegeEscalation controls whether a process can gain more +privileges than its parent process. This bool directly controls if +the no_new_privs flag will be set on the container process. +AllowPrivilegeEscalation is true always when the container is: +1) run as Privileged +2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows. + +| `appArmorProfile` +| `object` +| appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. +Note that this field cannot be set when spec.os.name is windows. | `capabilities` | `object` -| The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +| The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows. | `privileged` | `boolean` -| Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. +| Run container in privileged mode. +Processes in privileged containers are essentially equivalent to root on the host. +Defaults to false. +Note that this field cannot be set when spec.os.name is windows. | `procMount` | `string` -| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. +| procMount denotes the type of proc mount to use for the containers. +The default is DefaultProcMount which uses the container runtime defaults for +readonly paths and masked paths. +This requires the ProcMountType feature flag to be enabled. +Note that this field cannot be set when spec.os.name is windows. | `readOnlyRootFilesystem` | `boolean` -| Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. +| Whether this container has a read-only root filesystem. +Default is false. +Note that this field cannot be set when spec.os.name is windows. | `runAsGroup` | `integer` -| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +| The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows. | `runAsNonRoot` | `boolean` -| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +| Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. | `runAsUser` | `integer` -| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +| The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows. | `seLinuxOptions` | `object` -| The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +| The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows. | `seccompProfile` | `object` -| The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +| The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows. | `windowsOptions` | `object` -| The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +| The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux. + +|=== +=== .spec.containers[].securityContext.appArmorProfile +Description:: ++ +-- +appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. +Note that this field cannot be set when spec.os.name is windows. +-- + +Type:: + `object` + +Required:: + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `localhostProfile` +| `string` +| localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost". + +| `type` +| `string` +| type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. |=== === .spec.containers[].securityContext.capabilities Description:: + -- -The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows. -- Type:: @@ -4470,7 +5446,11 @@ Type:: Description:: + -- -The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows. -- Type:: @@ -4504,7 +5484,10 @@ Type:: Description:: + -- -The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows. -- Type:: @@ -4521,19 +5504,30 @@ Required:: | `localhostProfile` | `string` -| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. +| localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type. | `type` | `string` -| type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. +| type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied. |=== === .spec.containers[].securityContext.windowsOptions Description:: + -- -The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux. -- Type:: @@ -4548,7 +5542,9 @@ Type:: | `gmsaCredentialSpec` | `string` -| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. +| GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field. | `gmsaCredentialSpecName` | `string` @@ -4556,18 +5552,30 @@ Type:: | `hostProcess` | `boolean` -| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. +| HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true. | `runAsUserName` | `string` -| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +| The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. |=== === .spec.containers[].startupProbe Description:: + -- -StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- Type:: @@ -4586,7 +5594,8 @@ Type:: | `failureThreshold` | `integer` -| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. +| Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1. | `grpc` | `object` @@ -4598,15 +5607,18 @@ Type:: | `initialDelaySeconds` | `integer` -| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | `periodSeconds` | `integer` -| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +| How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1. | `successThreshold` | `integer` -| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +| Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. | `tcpSocket` | `object` @@ -4614,11 +5626,22 @@ Type:: | `terminationGracePeriodSeconds` | `integer` -| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. | `timeoutSeconds` | `integer` -| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |=== === .spec.containers[].startupProbe.exec @@ -4640,7 +5663,11 @@ Type:: | `command` | `array (string)` -| Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +| Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |=== === .spec.containers[].startupProbe.grpc @@ -4668,8 +5695,11 @@ Required:: | `service` | `string` -| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. +| Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC. |=== === .spec.containers[].startupProbe.httpGet @@ -4693,7 +5723,8 @@ Required:: | `host` | `string` -| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. +| Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead. | `httpHeaders` | `array` @@ -4709,11 +5740,14 @@ Required:: | `port` | `integer-or-string` -| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. | `scheme` | `string` -| Scheme to use for connecting to the host. Defaults to HTTP. +| Scheme to use for connecting to the host. +Defaults to HTTP. |=== === .spec.containers[].startupProbe.httpGet.httpHeaders @@ -4751,7 +5785,8 @@ Required:: | `name` | `string` -| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. +| The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header. | `value` | `string` @@ -4783,7 +5818,9 @@ Required:: | `port` | `integer-or-string` -| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. |=== === .spec.containers[].volumeDevices @@ -4832,7 +5869,8 @@ Required:: Description:: + -- -Pod volumes to mount into the container's filesystem. Cannot be updated. +Pod volumes to mount into the container's filesystem. +Cannot be updated. -- Type:: @@ -4863,11 +5901,17 @@ Required:: | `mountPath` | `string` -| Path within the container at which the volume should be mounted. Must not contain ':'. +| Path within the container at which the volume should be mounted. Must +not contain ':'. | `mountPropagation` | `string` -| mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +| mountPropagation determines how mounts are propagated from the host +to container and the other way around. +When not set, MountPropagationNone is used. +This field is beta in 1.10. +When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified +(which defaults to None). | `name` | `string` @@ -4875,15 +5919,43 @@ Required:: | `readOnly` | `boolean` -| Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +| Mounted read-only if true, read-write otherwise (false or unspecified). +Defaults to false. + +| `recursiveReadOnly` +| `string` +| RecursiveReadOnly specifies whether read-only mounts should be handled +recursively. + + +If ReadOnly is false, this field has no meaning and must be unspecified. + + +If ReadOnly is true, and this field is set to Disabled, the mount is not made +recursively read-only. If this field is set to IfPossible, the mount is made +recursively read-only, if it is supported by the container runtime. If this +field is set to Enabled, the mount is made recursively read-only if it is +supported by the container runtime, otherwise the pod will not be started and +an error will be generated to indicate the reason. + + +If this field is set to IfPossible or Enabled, MountPropagation must be set to +None (or be unspecified, which defaults to None). + + +If this field is not specified, it is treated as an equivalent of Disabled. | `subPath` | `string` -| Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). +| Path within the volume from which the container's volume should be mounted. +Defaults to "" (volume's root). | `subPathExpr` | `string` -| Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. +| Expanded path within the volume from which the container's volume should be mounted. +Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. +Defaults to "" (volume's root). +SubPathExpr and SubPath are mutually exclusive. |=== === .spec.hostAliases @@ -4903,7 +5975,8 @@ Type:: Description:: + -- -HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. +HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the +pod's hosts file. -- Type:: @@ -4932,7 +6005,9 @@ Required:: Description:: + -- -An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod +An optional list of references to secrets in the same namespace +to use for pulling prometheus and alertmanager images from registries +see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod -- Type:: @@ -4945,7 +6020,8 @@ Type:: Description:: + -- -LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. +LocalObjectReference contains enough information to let you locate the +referenced object inside the same namespace. -- Type:: @@ -4960,14 +6036,28 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. |=== === .spec.initContainers Description:: + -- -InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The current init container name is: `init-config-reloader`. Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. +InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. +fetch secrets for injection into the Alertmanager configuration from external sources. Any +errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +InitContainers described here modify an operator +generated init containers if they share the same name and modifications are +done via a strategic merge patch. The current init container name is: +`init-config-reloader`. Overriding init containers is entirely outside the +scope of what the maintainers will support and by doing so, you accept that +this behaviour may break at any time without notice. -- Type:: @@ -4997,15 +6087,30 @@ Required:: | `args` | `array (string)` -| Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +| Arguments to the entrypoint. +The container image's CMD is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell | `command` | `array (string)` -| Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +| Entrypoint array. Not executed within a shell. +The container image's ENTRYPOINT is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell | `env` | `array` -| List of environment variables to set in the container. Cannot be updated. +| List of environment variables to set in the container. +Cannot be updated. | `env[]` | `object` @@ -5013,7 +6118,12 @@ Required:: | `envFrom` | `array` -| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +| List of sources to populate environment variables in the container. +The keys defined within a source must be a C_IDENTIFIER. All invalid keys +will be reported as an event when the container is starting. When a key exists in multiple +sources, the value associated with the last source will take precedence. +Values defined by an Env with a duplicate key will take precedence. +Cannot be updated. | `envFrom[]` | `object` @@ -5021,27 +6131,46 @@ Required:: | `image` | `string` -| Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. +| Container image name. +More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets. | `imagePullPolicy` | `string` -| Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images +| Image pull policy. +One of Always, Never, IfNotPresent. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | `lifecycle` | `object` -| Actions that the management system should take in response to container lifecycle events. Cannot be updated. +| Actions that the management system should take in response to container lifecycle events. +Cannot be updated. | `livenessProbe` | `object` -| Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | `name` | `string` -| Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. +| Name of the container specified as a DNS_LABEL. +Each container in a pod must have a unique name (DNS_LABEL). +Cannot be updated. | `ports` | `array` -| List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. +| List of ports to expose from the container. Not specifying a port here +DOES NOT prevent that port from being exposed. Any port which is +listening on the default "0.0.0.0" address inside a container will be +accessible from the network. +Modifying this array with strategic merge patch may corrupt the data. +For more information See https://github.com/kubernetes/kubernetes/issues/108255. +Cannot be updated. | `ports[]` | `object` @@ -5049,7 +6178,10 @@ Required:: | `readinessProbe` | `object` -| Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | `resizePolicy` | `array` @@ -5061,39 +6193,84 @@ Required:: | `resources` | `object` -| Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | `restartPolicy` | `string` -| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +| RestartPolicy defines the restart behavior of individual containers in a pod. +This field may only be set for init containers, and the only allowed value is "Always". +For non-init containers or when this field is not specified, +the restart behavior is defined by the Pod's restart policy and the container type. +Setting the RestartPolicy as "Always" for the init container will have the following effect: +this init container will be continually restarted on +exit until all regular containers have terminated. Once all regular +containers have completed, all init containers with restartPolicy "Always" +will be shut down. This lifecycle differs from normal init containers and +is often referred to as a "sidecar" container. Although this init +container still starts in the init container sequence, it does not wait +for the container to complete before proceeding to the next init +container. Instead, the next init container starts immediately after this +init container is started, or after any startupProbe has successfully +completed. | `securityContext` | `object` -| SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +| SecurityContext defines the security options the container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | `startupProbe` | `object` -| StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | `stdin` | `boolean` -| Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. +| Whether this container should allocate a buffer for stdin in the container runtime. If this +is not set, reads from stdin in the container will always result in EOF. +Default is false. | `stdinOnce` | `boolean` -| Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false +| Whether the container runtime should close the stdin channel after it has been opened by +a single attach. When stdin is true the stdin stream will remain open across multiple attach +sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the +first client attaches to stdin, and then remains open and accepts data until the client disconnects, +at which time stdin is closed and remains closed until the container is restarted. If this +flag is false, a container processes that reads from stdin will never receive an EOF. +Default is false | `terminationMessagePath` | `string` -| Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. +| Optional: Path at which the file to which the container's termination message +will be written is mounted into the container's filesystem. +Message written is intended to be brief final status, such as an assertion failure message. +Will be truncated by the node if greater than 4096 bytes. The total message length across +all containers will be limited to 12kb. +Defaults to /dev/termination-log. +Cannot be updated. | `terminationMessagePolicy` | `string` -| Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. +| Indicate how the termination message should be populated. File will use the contents of +terminationMessagePath to populate the container status message on both success and failure. +FallbackToLogsOnError will use the last chunk of container log output if the termination +message file is empty and the container exited with an error. +The log output is limited to 2048 bytes or 80 lines, whichever is smaller. +Defaults to File. +Cannot be updated. | `tty` | `boolean` -| Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. +| Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. +Default is false. | `volumeDevices` | `array` @@ -5105,7 +6282,8 @@ Required:: | `volumeMounts` | `array` -| Pod volumes to mount into the container's filesystem. Cannot be updated. +| Pod volumes to mount into the container's filesystem. +Cannot be updated. | `volumeMounts[]` | `object` @@ -5113,14 +6291,18 @@ Required:: | `workingDir` | `string` -| Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. +| Container's working directory. +If not specified, the container runtime's default will be used, which +might be configured in the container image. +Cannot be updated. |=== === .spec.initContainers[].env Description:: + -- -List of environment variables to set in the container. Cannot be updated. +List of environment variables to set in the container. +Cannot be updated. -- Type:: @@ -5154,7 +6336,15 @@ Required:: | `value` | `string` -| Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". +| Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "". | `valueFrom` | `object` @@ -5184,11 +6374,13 @@ Type:: | `fieldRef` | `object` -| Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +| Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. | `resourceFieldRef` | `object` -| Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +| Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. | `secretKeyRef` | `object` @@ -5220,7 +6412,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5231,7 +6429,8 @@ Required:: Description:: + -- -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. -- Type:: @@ -5259,7 +6458,8 @@ Required:: Description:: + -- -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. -- Type:: @@ -5312,7 +6512,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5323,7 +6529,12 @@ Required:: Description:: + -- -List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +List of sources to populate environment variables in the container. +The keys defined within a source must be a C_IDENTIFIER. All invalid keys +will be reported as an event when the container is starting. When a key exists in multiple +sources, the value associated with the last source will take precedence. +Values defined by an Env with a duplicate key will take precedence. +Cannot be updated. -- Type:: @@ -5381,7 +6592,13 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5407,7 +6624,13 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5418,7 +6641,8 @@ Type:: Description:: + -- -Actions that the management system should take in response to container lifecycle events. Cannot be updated. +Actions that the management system should take in response to container lifecycle events. +Cannot be updated. -- Type:: @@ -5433,18 +6657,32 @@ Type:: | `postStart` | `object` -| PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +| PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks | `preStop` | `object` -| PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +| PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks |=== === .spec.initContainers[].lifecycle.postStart Description:: + -- -PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks -- Type:: @@ -5471,7 +6709,9 @@ Type:: | `tcpSocket` | `object` -| Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +| Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified. |=== === .spec.initContainers[].lifecycle.postStart.exec @@ -5493,7 +6733,11 @@ Type:: | `command` | `array (string)` -| Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +| Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |=== === .spec.initContainers[].lifecycle.postStart.httpGet @@ -5517,7 +6761,8 @@ Required:: | `host` | `string` -| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. +| Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead. | `httpHeaders` | `array` @@ -5533,11 +6778,14 @@ Required:: | `port` | `integer-or-string` -| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. | `scheme` | `string` -| Scheme to use for connecting to the host. Defaults to HTTP. +| Scheme to use for connecting to the host. +Defaults to HTTP. |=== === .spec.initContainers[].lifecycle.postStart.httpGet.httpHeaders @@ -5575,7 +6823,8 @@ Required:: | `name` | `string` -| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. +| The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header. | `value` | `string` @@ -5610,7 +6859,9 @@ Required:: Description:: + -- -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified. -- Type:: @@ -5631,14 +6882,24 @@ Required:: | `port` | `integer-or-string` -| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. |=== === .spec.initContainers[].lifecycle.preStop Description:: + -- -PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks -- Type:: @@ -5665,7 +6926,9 @@ Type:: | `tcpSocket` | `object` -| Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +| Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified. |=== === .spec.initContainers[].lifecycle.preStop.exec @@ -5687,7 +6950,11 @@ Type:: | `command` | `array (string)` -| Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +| Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |=== === .spec.initContainers[].lifecycle.preStop.httpGet @@ -5711,7 +6978,8 @@ Required:: | `host` | `string` -| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. +| Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead. | `httpHeaders` | `array` @@ -5727,11 +6995,14 @@ Required:: | `port` | `integer-or-string` -| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. | `scheme` | `string` -| Scheme to use for connecting to the host. Defaults to HTTP. +| Scheme to use for connecting to the host. +Defaults to HTTP. |=== === .spec.initContainers[].lifecycle.preStop.httpGet.httpHeaders @@ -5769,7 +7040,8 @@ Required:: | `name` | `string` -| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. +| The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header. | `value` | `string` @@ -5804,7 +7076,9 @@ Required:: Description:: + -- -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified. -- Type:: @@ -5825,14 +7099,19 @@ Required:: | `port` | `integer-or-string` -| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. |=== === .spec.initContainers[].livenessProbe Description:: + -- -Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- Type:: @@ -5851,7 +7130,8 @@ Type:: | `failureThreshold` | `integer` -| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. +| Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1. | `grpc` | `object` @@ -5863,15 +7143,18 @@ Type:: | `initialDelaySeconds` | `integer` -| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | `periodSeconds` | `integer` -| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +| How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1. | `successThreshold` | `integer` -| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +| Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. | `tcpSocket` | `object` @@ -5879,11 +7162,22 @@ Type:: | `terminationGracePeriodSeconds` | `integer` -| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. | `timeoutSeconds` | `integer` -| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |=== === .spec.initContainers[].livenessProbe.exec @@ -5905,7 +7199,11 @@ Type:: | `command` | `array (string)` -| Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +| Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |=== === .spec.initContainers[].livenessProbe.grpc @@ -5933,8 +7231,11 @@ Required:: | `service` | `string` -| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. +| Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC. |=== === .spec.initContainers[].livenessProbe.httpGet @@ -5958,7 +7259,8 @@ Required:: | `host` | `string` -| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. +| Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead. | `httpHeaders` | `array` @@ -5974,11 +7276,14 @@ Required:: | `port` | `integer-or-string` -| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. | `scheme` | `string` -| Scheme to use for connecting to the host. Defaults to HTTP. +| Scheme to use for connecting to the host. +Defaults to HTTP. |=== === .spec.initContainers[].livenessProbe.httpGet.httpHeaders @@ -6016,7 +7321,8 @@ Required:: | `name` | `string` -| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. +| The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header. | `value` | `string` @@ -6048,14 +7354,22 @@ Required:: | `port` | `integer-or-string` -| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. |=== === .spec.initContainers[].ports Description:: + -- -List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. +List of ports to expose from the container. Not specifying a port here +DOES NOT prevent that port from being exposed. Any port which is +listening on the default "0.0.0.0" address inside a container will be +accessible from the network. +Modifying this array with strategic merge patch may corrupt the data. +For more information See https://github.com/kubernetes/kubernetes/issues/108255. +Cannot be updated. -- Type:: @@ -6085,7 +7399,8 @@ Required:: | `containerPort` | `integer` -| Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. +| Number of port to expose on the pod's IP address. +This must be a valid port number, 0 < x < 65536. | `hostIP` | `string` @@ -6093,22 +7408,31 @@ Required:: | `hostPort` | `integer` -| Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. +| Number of port to expose on the host. +If specified, this must be a valid port number, 0 < x < 65536. +If HostNetwork is specified, this must match ContainerPort. +Most containers do not need this. | `name` | `string` -| If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. +| If specified, this must be an IANA_SVC_NAME and unique within the pod. Each +named port in a pod must have a unique name. Name for the port that can be +referred to by services. | `protocol` | `string` -| Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". +| Protocol for port. Must be UDP, TCP, or SCTP. +Defaults to "TCP". |=== === .spec.initContainers[].readinessProbe Description:: + -- -Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- Type:: @@ -6127,7 +7451,8 @@ Type:: | `failureThreshold` | `integer` -| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. +| Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1. | `grpc` | `object` @@ -6139,15 +7464,18 @@ Type:: | `initialDelaySeconds` | `integer` -| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | `periodSeconds` | `integer` -| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +| How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1. | `successThreshold` | `integer` -| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +| Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. | `tcpSocket` | `object` @@ -6155,11 +7483,22 @@ Type:: | `terminationGracePeriodSeconds` | `integer` -| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. | `timeoutSeconds` | `integer` -| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |=== === .spec.initContainers[].readinessProbe.exec @@ -6181,7 +7520,11 @@ Type:: | `command` | `array (string)` -| Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +| Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |=== === .spec.initContainers[].readinessProbe.grpc @@ -6209,8 +7552,11 @@ Required:: | `service` | `string` -| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. +| Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC. |=== === .spec.initContainers[].readinessProbe.httpGet @@ -6234,7 +7580,8 @@ Required:: | `host` | `string` -| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. +| Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead. | `httpHeaders` | `array` @@ -6250,11 +7597,14 @@ Required:: | `port` | `integer-or-string` -| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. | `scheme` | `string` -| Scheme to use for connecting to the host. Defaults to HTTP. +| Scheme to use for connecting to the host. +Defaults to HTTP. |=== === .spec.initContainers[].readinessProbe.httpGet.httpHeaders @@ -6292,7 +7642,8 @@ Required:: | `name` | `string` -| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. +| The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header. | `value` | `string` @@ -6324,7 +7675,9 @@ Required:: | `port` | `integer-or-string` -| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. |=== === .spec.initContainers[].resizePolicy @@ -6362,18 +7715,22 @@ Required:: | `resourceName` | `string` -| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory. +| Name of the resource to which this resource resize policy applies. +Supported values: cpu, memory. | `restartPolicy` | `string` -| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. +| Restart policy to apply when specified resource is resized. +If not specified, it defaults to NotRequired. |=== === .spec.initContainers[].resources Description:: + -- -Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -- Type:: @@ -6388,9 +7745,15 @@ Type:: | `claims` | `array` -| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. +| Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers. | `claims[]` | `object` @@ -6398,20 +7761,30 @@ Type:: | `limits` | `integer-or-string` -| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | `requests` | `integer-or-string` -| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |=== === .spec.initContainers[].resources.claims Description:: + -- -Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. +Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers. -- Type:: @@ -6441,14 +7814,18 @@ Required:: | `name` | `string` -| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. +| Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container. |=== === .spec.initContainers[].securityContext Description:: + -- -SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +SecurityContext defines the security options the container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -- Type:: @@ -6463,54 +7840,139 @@ Type:: | `allowPrivilegeEscalation` | `boolean` -| AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. +| AllowPrivilegeEscalation controls whether a process can gain more +privileges than its parent process. This bool directly controls if +the no_new_privs flag will be set on the container process. +AllowPrivilegeEscalation is true always when the container is: +1) run as Privileged +2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows. + +| `appArmorProfile` +| `object` +| appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. +Note that this field cannot be set when spec.os.name is windows. | `capabilities` | `object` -| The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +| The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows. | `privileged` | `boolean` -| Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. +| Run container in privileged mode. +Processes in privileged containers are essentially equivalent to root on the host. +Defaults to false. +Note that this field cannot be set when spec.os.name is windows. | `procMount` | `string` -| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. +| procMount denotes the type of proc mount to use for the containers. +The default is DefaultProcMount which uses the container runtime defaults for +readonly paths and masked paths. +This requires the ProcMountType feature flag to be enabled. +Note that this field cannot be set when spec.os.name is windows. | `readOnlyRootFilesystem` | `boolean` -| Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. +| Whether this container has a read-only root filesystem. +Default is false. +Note that this field cannot be set when spec.os.name is windows. | `runAsGroup` | `integer` -| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +| The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows. | `runAsNonRoot` | `boolean` -| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +| Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. | `runAsUser` | `integer` -| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +| The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows. | `seLinuxOptions` | `object` -| The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +| The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows. | `seccompProfile` | `object` -| The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +| The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows. | `windowsOptions` | `object` -| The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +| The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux. + +|=== +=== .spec.initContainers[].securityContext.appArmorProfile +Description:: ++ +-- +appArmorProfile is the AppArmor options to use by this container. If set, this profile +overrides the pod's appArmorProfile. +Note that this field cannot be set when spec.os.name is windows. +-- + +Type:: + `object` + +Required:: + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `localhostProfile` +| `string` +| localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost". + +| `type` +| `string` +| type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. |=== === .spec.initContainers[].securityContext.capabilities Description:: + -- -The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows. -- Type:: @@ -6536,7 +7998,11 @@ Type:: Description:: + -- -The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows. -- Type:: @@ -6570,7 +8036,10 @@ Type:: Description:: + -- -The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows. -- Type:: @@ -6587,19 +8056,30 @@ Required:: | `localhostProfile` | `string` -| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. +| localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type. | `type` | `string` -| type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. +| type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied. |=== === .spec.initContainers[].securityContext.windowsOptions Description:: + -- -The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux. -- Type:: @@ -6614,7 +8094,9 @@ Type:: | `gmsaCredentialSpec` | `string` -| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. +| GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field. | `gmsaCredentialSpecName` | `string` @@ -6622,18 +8104,30 @@ Type:: | `hostProcess` | `boolean` -| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. +| HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true. | `runAsUserName` | `string` -| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +| The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. |=== === .spec.initContainers[].startupProbe Description:: + -- -StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes -- Type:: @@ -6652,7 +8146,8 @@ Type:: | `failureThreshold` | `integer` -| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. +| Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1. | `grpc` | `object` @@ -6664,15 +8159,18 @@ Type:: | `initialDelaySeconds` | `integer` -| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | `periodSeconds` | `integer` -| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +| How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1. | `successThreshold` | `integer` -| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +| Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. | `tcpSocket` | `object` @@ -6680,11 +8178,22 @@ Type:: | `terminationGracePeriodSeconds` | `integer` -| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. | `timeoutSeconds` | `integer` -| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +| Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |=== === .spec.initContainers[].startupProbe.exec @@ -6706,7 +8215,11 @@ Type:: | `command` | `array (string)` -| Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +| Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |=== === .spec.initContainers[].startupProbe.grpc @@ -6734,8 +8247,11 @@ Required:: | `service` | `string` -| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. +| Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC. |=== === .spec.initContainers[].startupProbe.httpGet @@ -6759,7 +8275,8 @@ Required:: | `host` | `string` -| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. +| Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead. | `httpHeaders` | `array` @@ -6775,11 +8292,14 @@ Required:: | `port` | `integer-or-string` -| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. | `scheme` | `string` -| Scheme to use for connecting to the host. Defaults to HTTP. +| Scheme to use for connecting to the host. +Defaults to HTTP. |=== === .spec.initContainers[].startupProbe.httpGet.httpHeaders @@ -6817,7 +8337,8 @@ Required:: | `name` | `string` -| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. +| The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header. | `value` | `string` @@ -6849,7 +8370,9 @@ Required:: | `port` | `integer-or-string` -| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +| Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME. |=== === .spec.initContainers[].volumeDevices @@ -6898,7 +8421,8 @@ Required:: Description:: + -- -Pod volumes to mount into the container's filesystem. Cannot be updated. +Pod volumes to mount into the container's filesystem. +Cannot be updated. -- Type:: @@ -6929,11 +8453,17 @@ Required:: | `mountPath` | `string` -| Path within the container at which the volume should be mounted. Must not contain ':'. +| Path within the container at which the volume should be mounted. Must +not contain ':'. | `mountPropagation` | `string` -| mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +| mountPropagation determines how mounts are propagated from the host +to container and the other way around. +When not set, MountPropagationNone is used. +This field is beta in 1.10. +When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified +(which defaults to None). | `name` | `string` @@ -6941,23 +8471,59 @@ Required:: | `readOnly` | `boolean` -| Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +| Mounted read-only if true, read-write otherwise (false or unspecified). +Defaults to false. + +| `recursiveReadOnly` +| `string` +| RecursiveReadOnly specifies whether read-only mounts should be handled +recursively. + + +If ReadOnly is false, this field has no meaning and must be unspecified. + + +If ReadOnly is true, and this field is set to Disabled, the mount is not made +recursively read-only. If this field is set to IfPossible, the mount is made +recursively read-only, if it is supported by the container runtime. If this +field is set to Enabled, the mount is made recursively read-only if it is +supported by the container runtime, otherwise the pod will not be started and +an error will be generated to indicate the reason. + + +If this field is set to IfPossible or Enabled, MountPropagation must be set to +None (or be unspecified, which defaults to None). + + +If this field is not specified, it is treated as an equivalent of Disabled. | `subPath` | `string` -| Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). +| Path within the volume from which the container's volume should be mounted. +Defaults to "" (volume's root). | `subPathExpr` | `string` -| Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. +| Expanded path within the volume from which the container's volume should be mounted. +Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. +Defaults to "" (volume's root). +SubPathExpr and SubPath are mutually exclusive. |=== === .spec.podMetadata Description:: + -- -PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. - The following items are reserved and cannot be overridden: * "alertmanager" label, set to the name of the Alertmanager instance. * "app.kubernetes.io/instance" label, set to the name of the Alertmanager instance. * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". * "app.kubernetes.io/name" label, set to "alertmanager". * "app.kubernetes.io/version" label, set to the Alertmanager version. * "kubectl.kubernetes.io/default-container" annotation, set to "alertmanager". +PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. + + +The following items are reserved and cannot be overridden: +* "alertmanager" label, set to the name of the Alertmanager instance. +* "app.kubernetes.io/instance" label, set to the name of the Alertmanager instance. +* "app.kubernetes.io/managed-by" label, set to "prometheus-operator". +* "app.kubernetes.io/name" label, set to "alertmanager". +* "app.kubernetes.io/version" label, set to the Alertmanager version. +* "kubectl.kubernetes.io/default-container" annotation, set to "alertmanager". -- Type:: @@ -6972,15 +8538,26 @@ Type:: | `annotations` | `object (string)` -| Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations +| Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations | `labels` | `object (string)` -| Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels +| Map of string keys and values that can be used to organize and categorize +(scope and select) objects. May match selectors of replication controllers +and services. +More info: http://kubernetes.io/docs/user-guide/labels | `name` | `string` -| Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names +| Name must be unique within a namespace. Is required when creating resources, although +some resources may allow a client to request the generation of an appropriate name +automatically. Name is primarily intended for creation idempotence and configuration +definition. +Cannot be updated. +More info: http://kubernetes.io/docs/user-guide/identifiers#names |=== === .spec.resources @@ -7002,9 +8579,15 @@ Type:: | `claims` | `array` -| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. +| Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers. | `claims[]` | `object` @@ -7012,20 +8595,30 @@ Type:: | `limits` | `integer-or-string` -| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | `requests` | `integer-or-string` -| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |=== === .spec.resources.claims Description:: + -- -Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. +Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers. -- Type:: @@ -7055,14 +8648,17 @@ Required:: | `name` | `string` -| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. +| Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container. |=== === .spec.securityContext Description:: + -- -SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. +SecurityContext holds pod-level security attributes and common container settings. +This defaults to the default PodSecurityContext. -- Type:: @@ -7075,43 +8671,92 @@ Type:: |=== | Property | Type | Description +| `appArmorProfile` +| `object` +| appArmorProfile is the AppArmor options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows. + | `fsGroup` | `integer` -| A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. +| A special supplemental group that applies to all containers in a pod. +Some volume types allow the Kubelet to change the ownership of that volume +to be owned by the pod: + + +1. The owning GID will be the FSGroup +2. The setgid bit is set (new files created in the volume will be owned by FSGroup) +3. The permission bits are OR'd with rw-rw---- + + +If unset, the Kubelet will not modify the ownership and permissions of any volume. +Note that this field cannot be set when spec.os.name is windows. | `fsGroupChangePolicy` | `string` -| fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. +| fsGroupChangePolicy defines behavior of changing ownership and permission of the volume +before being exposed inside Pod. This field will only apply to +volume types which support fsGroup based ownership(and permissions). +It will have no effect on ephemeral volume types such as: secret, configmaps +and emptydir. +Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. +Note that this field cannot be set when spec.os.name is windows. | `runAsGroup` | `integer` -| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. +| The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence +for that container. +Note that this field cannot be set when spec.os.name is windows. | `runAsNonRoot` | `boolean` -| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +| Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. | `runAsUser` | `integer` -| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. +| The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence +for that container. +Note that this field cannot be set when spec.os.name is windows. | `seLinuxOptions` | `object` -| The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. +| The SELinux context to be applied to all containers. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in SecurityContext. If set in +both SecurityContext and PodSecurityContext, the value specified in SecurityContext +takes precedence for that container. +Note that this field cannot be set when spec.os.name is windows. | `seccompProfile` | `object` -| The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. +| The seccomp options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows. | `supplementalGroups` | `array (integer)` -| A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. +| A list of groups applied to the first process run in each container, in addition +to the container's primary GID, the fsGroup (if specified), and group memberships +defined in the container image for the uid of the container process. If unspecified, +no additional groups are added to any container. Note that group memberships +defined in the container image for the uid of the container process are still effective, +even if they are not included in this list. +Note that this field cannot be set when spec.os.name is windows. | `sysctls` | `array` -| Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. +| Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported +sysctls (by the container runtime) might fail to launch. +Note that this field cannot be set when spec.os.name is windows. | `sysctls[]` | `object` @@ -7119,14 +8764,58 @@ Type:: | `windowsOptions` | `object` -| The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +| The Windows specific settings applied to all containers. +If unspecified, the options within a container's SecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux. + +|=== +=== .spec.securityContext.appArmorProfile +Description:: ++ +-- +appArmorProfile is the AppArmor options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows. +-- + +Type:: + `object` + +Required:: + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `localhostProfile` +| `string` +| localhostProfile indicates a profile loaded on the node that should be used. +The profile must be preconfigured on the node to work. +Must match the loaded name of the profile. +Must be set if and only if type is "Localhost". + +| `type` +| `string` +| type indicates which kind of AppArmor profile will be applied. +Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. |=== === .spec.securityContext.seLinuxOptions Description:: + -- -The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to all containers. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in SecurityContext. If set in +both SecurityContext and PodSecurityContext, the value specified in SecurityContext +takes precedence for that container. +Note that this field cannot be set when spec.os.name is windows. -- Type:: @@ -7160,7 +8849,8 @@ Type:: Description:: + -- -The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows. -- Type:: @@ -7177,19 +8867,29 @@ Required:: | `localhostProfile` | `string` -| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. +| localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type. | `type` | `string` -| type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. +| type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied. |=== === .spec.securityContext.sysctls Description:: + -- -Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. +Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported +sysctls (by the container runtime) might fail to launch. +Note that this field cannot be set when spec.os.name is windows. -- Type:: @@ -7231,7 +8931,10 @@ Required:: Description:: + -- -The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. +If unspecified, the options within a container's SecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux. -- Type:: @@ -7246,7 +8949,9 @@ Type:: | `gmsaCredentialSpec` | `string` -| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. +| GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field. | `gmsaCredentialSpecName` | `string` @@ -7254,18 +8959,25 @@ Type:: | `hostProcess` | `boolean` -| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. +| HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true. | `runAsUserName` | `string` -| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +| The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. |=== === .spec.storage Description:: + -- -Storage is the definition of how storage will be used by the Alertmanager instances. +Storage is the definition of how storage will be used by the Alertmanager +instances. -- Type:: @@ -7284,22 +8996,31 @@ Type:: | `emptyDir` | `object` -| EmptyDirVolumeSource to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir +| EmptyDirVolumeSource to be used by the StatefulSet. +If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. +More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir | `ephemeral` | `object` -| EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes +| EphemeralVolumeSource to be used by the StatefulSet. +This is a beta field in k8s 1.21 and GA in 1.15. +For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. +More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes | `volumeClaimTemplate` | `object` -| Defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes. +| Defines the PVC spec to be used by the Prometheus StatefulSets. +The easiest way to use a volume that cannot be automatically provisioned +is to use a label selector alongside manually created PersistentVolumes. |=== === .spec.storage.emptyDir Description:: + -- -EmptyDirVolumeSource to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir +EmptyDirVolumeSource to be used by the StatefulSet. +If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. +More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir -- Type:: @@ -7314,18 +9035,29 @@ Type:: | `medium` | `string` -| medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +| medium represents what type of storage medium should back this directory. +The default is "" which means to use the node's default medium. +Must be an empty string (default) or Memory. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir | `sizeLimit` | `integer-or-string` -| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +| sizeLimit is the total amount of local storage required for this EmptyDir volume. +The size limit is also applicable for memory medium. +The maximum usage on memory medium EmptyDir would be the minimum value between +the SizeLimit specified here and the sum of memory limits of all containers in a pod. +The default is nil which means that the limit is undefined. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir |=== === .spec.storage.ephemeral Description:: + -- -EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes +EphemeralVolumeSource to be used by the StatefulSet. +This is a beta field in k8s 1.21 and GA in 1.15. +For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. +More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes -- Type:: @@ -7340,20 +9072,60 @@ Type:: | `volumeClaimTemplate` | `object` -| Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. +| Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil. |=== === .spec.storage.ephemeral.volumeClaimTemplate Description:: + -- -Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. +Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil. -- Type:: @@ -7370,18 +9142,25 @@ Required:: | `metadata` | `object` -| May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. +| May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation. | `spec` | `object` -| The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. +| The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here. |=== === .spec.storage.ephemeral.volumeClaimTemplate.metadata Description:: + -- -May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. +May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation. -- Type:: @@ -7394,7 +9173,10 @@ Type:: Description:: + -- -The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. +The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here. -- Type:: @@ -7409,19 +9191,53 @@ Type:: | `accessModes` | `array (string)` -| accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 +| accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 | `dataSource` | `object` -| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +| dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource. | `dataSourceRef` | `object` -| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` -| resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +| resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources | `selector` | `object` @@ -7429,15 +9245,28 @@ Type:: | `storageClassName` | `string` -| storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 +| storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 | `volumeAttributesClassName` | `string` -| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. +If specified, the CSI driver will create or update the volume with the attributes defined +in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, +it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass +will be applied to the claim but it's not allowed to reset this field to empty string once it is set. +If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass +will be set by the persistentvolume controller if it exists. +If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be +set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource +exists. +More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ +(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. | `volumeMode` | `string` -| volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. +| volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec. | `volumeName` | `string` @@ -7448,7 +9277,14 @@ Type:: Description:: + -- -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource. -- Type:: @@ -7466,7 +9302,9 @@ Required:: | `apiGroup` | `string` -| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. +| APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required. | `kind` | `string` @@ -7481,7 +9319,29 @@ Required:: Description:: + -- -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -7499,7 +9359,9 @@ Required:: | `apiGroup` | `string` -| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. +| APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required. | `kind` | `string` @@ -7511,14 +9373,20 @@ Required:: | `namespace` | `string` -| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +| Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. |=== === .spec.storage.ephemeral.volumeClaimTemplate.spec.resources Description:: + -- -resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources -- Type:: @@ -7533,11 +9401,15 @@ Type:: | `limits` | `integer-or-string` -| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | `requests` | `integer-or-string` -| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |=== === .spec.storage.ephemeral.volumeClaimTemplate.spec.selector @@ -7563,11 +9435,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.storage.ephemeral.volumeClaimTemplate.spec.selector.matchExpressions @@ -7587,7 +9462,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -7609,18 +9485,24 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.storage.volumeClaimTemplate Description:: + -- -Defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes. +Defines the PVC spec to be used by the Prometheus StatefulSets. +The easiest way to use a volume that cannot be automatically provisioned +is to use a label selector alongside manually created PersistentVolumes. -- Type:: @@ -7635,11 +9517,18 @@ Type:: | `apiVersion` | `string` -| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources +| APIVersion defines the versioned schema of this representation of an object. +Servers should convert recognized schemas to the latest internal value, and +may reject unrecognized values. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | `kind` | `string` -| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds +| Kind is a string value representing the REST resource this object represents. +Servers may infer this from the endpoint the client submits requests to. +Cannot be updated. +In CamelCase. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | `metadata` | `object` @@ -7647,7 +9536,8 @@ Type:: | `spec` | `object` -| Defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +| Defines the desired characteristics of a volume requested by a pod author. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims | `status` | `object` @@ -7673,22 +9563,34 @@ Type:: | `annotations` | `object (string)` -| Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations +| Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations | `labels` | `object (string)` -| Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels +| Map of string keys and values that can be used to organize and categorize +(scope and select) objects. May match selectors of replication controllers +and services. +More info: http://kubernetes.io/docs/user-guide/labels | `name` | `string` -| Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names +| Name must be unique within a namespace. Is required when creating resources, although +some resources may allow a client to request the generation of an appropriate name +automatically. Name is primarily intended for creation idempotence and configuration +definition. +Cannot be updated. +More info: http://kubernetes.io/docs/user-guide/identifiers#names |=== === .spec.storage.volumeClaimTemplate.spec Description:: + -- -Defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +Defines the desired characteristics of a volume requested by a pod author. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims -- Type:: @@ -7703,19 +9605,53 @@ Type:: | `accessModes` | `array (string)` -| accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 +| accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 | `dataSource` | `object` -| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +| dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource. | `dataSourceRef` | `object` -| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` -| resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +| resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources | `selector` | `object` @@ -7723,15 +9659,28 @@ Type:: | `storageClassName` | `string` -| storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 +| storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 | `volumeAttributesClassName` | `string` -| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. +If specified, the CSI driver will create or update the volume with the attributes defined +in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, +it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass +will be applied to the claim but it's not allowed to reset this field to empty string once it is set. +If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass +will be set by the persistentvolume controller if it exists. +If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be +set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource +exists. +More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ +(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. | `volumeMode` | `string` -| volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. +| volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec. | `volumeName` | `string` @@ -7742,7 +9691,14 @@ Type:: Description:: + -- -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource. -- Type:: @@ -7760,7 +9716,9 @@ Required:: | `apiGroup` | `string` -| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. +| APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required. | `kind` | `string` @@ -7775,7 +9733,29 @@ Required:: Description:: + -- -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -7793,7 +9773,9 @@ Required:: | `apiGroup` | `string` -| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. +| APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required. | `kind` | `string` @@ -7805,14 +9787,20 @@ Required:: | `namespace` | `string` -| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +| Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. |=== === .spec.storage.volumeClaimTemplate.spec.resources Description:: + -- -resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources -- Type:: @@ -7827,11 +9815,15 @@ Type:: | `limits` | `integer-or-string` -| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | `requests` | `integer-or-string` -| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |=== === .spec.storage.volumeClaimTemplate.spec.selector @@ -7857,11 +9849,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.storage.volumeClaimTemplate.spec.selector.matchExpressions @@ -7881,7 +9876,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -7903,11 +9899,15 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.storage.volumeClaimTemplate.status @@ -7929,21 +9929,77 @@ Type:: | `accessModes` | `array (string)` -| accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 +| accessModes contains the actual access modes the volume backing the PVC has. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 | `allocatedResourceStatuses` | `object (string)` -| allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. - ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" When this field is not set, it means that no resize operation is in progress for the given PVC. - A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. +| allocatedResourceStatuses stores status of resource being resized for the given PVC. +Key names follow standard Kubernetes label syntax. Valid values are either: + * Un-prefixed keys: + - storage - the capacity of the volume. + * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" +Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered +reserved and hence may not be used. + + +ClaimResourceStatus can be in any of following states: + - ControllerResizeInProgress: + State set when resize controller starts resizing the volume in control-plane. + - ControllerResizeFailed: + State set when resize has failed in resize controller with a terminal error. + - NodeResizePending: + State set when resize controller has finished resizing the volume but further resizing of + volume is needed on the node. + - NodeResizeInProgress: + State set when kubelet starts resizing the volume. + - NodeResizeFailed: + State set when resizing has failed in kubelet with a terminal error. Transient errors don't set + NodeResizeFailed. +For example: if expanding a PVC for more capacity - this field can be one of the following states: + - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" + - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" + - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" + - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" + - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" +When this field is not set, it means that no resize operation is in progress for the given PVC. + + +A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus +should ignore the update for the purpose it was designed. For example - a controller that +only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid +resources associated with PVC. + + +This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. | `allocatedResources` | `integer-or-string` -| allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. - Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. - A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. +| allocatedResources tracks the resources allocated to a PVC including its capacity. +Key names follow standard Kubernetes label syntax. Valid values are either: + * Un-prefixed keys: + - storage - the capacity of the volume. + * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" +Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered +reserved and hence may not be used. + + +Capacity reported here may be larger than the actual capacity when a volume expansion operation +is requested. +For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. +If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. +If a volume expansion capacity request is lowered, allocatedResources is only +lowered if there are no expansion operations in progress and if the actual volume capacity +is equal or lower than the requested capacity. + + +A controller that receives PVC update with previously unknown resourceName +should ignore the update for the purpose it was designed. For example - a controller that +only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid +resources associated with PVC. + + +This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. | `capacity` | `integer-or-string` @@ -7951,7 +10007,8 @@ Type:: | `conditions` | `array` -| conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. +| conditions is the current Condition of persistent volume claim. If underlying persistent volume is being +resized then the Condition will be set to 'Resizing'. | `conditions[]` | `object` @@ -7959,11 +10016,15 @@ Type:: | `currentVolumeAttributesClassName` | `string` -| currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is an alpha field and requires enabling VolumeAttributesClass feature. +| currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. +When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim +This is an alpha field and requires enabling VolumeAttributesClass feature. | `modifyVolumeStatus` | `object` -| ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature. +| ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. +When this is unset, there is no ModifyVolume operation being attempted. +This is an alpha field and requires enabling VolumeAttributesClass feature. | `phase` | `string` @@ -7974,7 +10035,8 @@ Type:: Description:: + -- -conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. +conditions is the current Condition of persistent volume claim. If underlying persistent volume is being +resized then the Condition will be set to 'Resizing'. -- Type:: @@ -8017,7 +10079,9 @@ Required:: | `reason` | `string` -| reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. +| reason is a unique, this should be a short, machine understandable string that gives the reason +for condition's last transition. If it reports "Resizing" that means the underlying +persistent volume is being resized. | `status` | `string` @@ -8032,7 +10096,9 @@ Required:: Description:: + -- -ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature. +ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. +When this is unset, there is no ModifyVolume operation being attempted. +This is an alpha field and requires enabling VolumeAttributesClass feature. -- Type:: @@ -8049,7 +10115,16 @@ Required:: | `status` | `string` -| status is the status of the ControllerModifyVolume operation. It can be in any of following states: - Pending Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing. - InProgress InProgress indicates that the volume is being modified. - Infeasible Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified. Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately. +| status is the status of the ControllerModifyVolume operation. It can be in any of following states: + - Pending + Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as + the specified VolumeAttributesClass not existing. + - InProgress + InProgress indicates that the volume is being modified. + - Infeasible + Infeasible indicates that the request has been rejected as invalid by the CSI driver. To + resolve the error, a valid VolumeAttributesClass needs to be specified. +Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately. | `targetVolumeAttributesClassName` | `string` @@ -8073,7 +10148,8 @@ Type:: Description:: + -- -The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +The pod this Toleration is attached to tolerates any taint that matches +the triple using the matching operator . -- Type:: @@ -8088,23 +10164,32 @@ Type:: | `effect` | `string` -| Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. +| Effect indicates the taint effect to match. Empty means match all taint effects. +When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. | `key` | `string` -| Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. +| Key is the taint key that the toleration applies to. Empty means match all taint keys. +If the key is empty, operator must be Exists; this combination means to match all values and all keys. | `operator` | `string` -| Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. +| Operator represents a key's relationship to the value. +Valid operators are Exists and Equal. Defaults to Equal. +Exists is equivalent to wildcard for value, so that a pod can +tolerate all taints of a particular category. | `tolerationSeconds` | `integer` -| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. +| TolerationSeconds represents the period of time the toleration (which must be +of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, +it is not set, which means tolerate the taint forever (do not evict). Zero and +negative values will be treated as 0 (evict immediately) by the system. | `value` | `string` -| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. +| Value is the taint value the toleration matches to. +If the operator is Exists, the value should be empty, otherwise just a regular string. |=== === .spec.topologySpreadConstraints @@ -8143,47 +10228,132 @@ Required:: | `labelSelector` | `object` -| LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +| LabelSelector is used to find matching pods. +Pods that match this label selector are counted to determine the number of pods +in their corresponding topology domain. | `matchLabelKeys` | `array (string)` -| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). +| MatchLabelKeys is a set of pod label keys to select the pods over which +spreading will be calculated. The keys are used to lookup values from the +incoming pod labels, those key-value labels are ANDed with labelSelector +to select the group of existing pods over which spreading will be calculated +for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +MatchLabelKeys cannot be set when LabelSelector isn't set. +Keys that don't exist in the incoming pod labels will +be ignored. A null or empty list means only match against labelSelector. + + +This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). | `maxSkew` | `integer` -| MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. \| zone1 \| zone2 \| zone3 \| \| P P \| P P \| P \| - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. +| MaxSkew describes the degree to which pods may be unevenly distributed. +When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference +between the number of matching pods in the target topology and the global minimum. +The global minimum is the minimum number of matching pods in an eligible domain +or zero if the number of eligible domains is less than MinDomains. +For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same +labelSelector spread as 2/2/1: +In this case, the global minimum is 1. +\| zone1 \| zone2 \| zone3 \| +\| P P \| P P \| P \| +- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; +scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) +violate MaxSkew(1). +- if MaxSkew is 2, incoming pod can be scheduled onto any zone. +When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence +to topologies that satisfy it. +It's a required field. Default value is 1 and 0 is not allowed. | `minDomains` | `integer` -| MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: \| zone1 \| zone2 \| zone3 \| \| P P \| P P \| P P \| The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +| MinDomains indicates a minimum number of eligible domains. +When the number of eligible domains with matching topology keys is less than minDomains, +Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. +And when the number of eligible domains with matching topology keys equals or greater than minDomains, +this value has no effect on scheduling. +As a result, when the number of eligible domains is less than minDomains, +scheduler won't schedule more than maxSkew Pods to those domains. +If value is nil, the constraint behaves as if MinDomains is equal to 1. +Valid values are integers greater than 0. +When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + +For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same +labelSelector spread as 2/2/2: +\| zone1 \| zone2 \| zone3 \| +\| P P \| P P \| P P \| +The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. +In this situation, new pod with the same labelSelector cannot be scheduled, +because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, +it will violate MaxSkew. | `nodeAffinityPolicy` | `string` -| NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. +| NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector +when calculating pod topology spread skew. Options are: +- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. +- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + +If this value is nil, the behavior is equivalent to the Honor policy. +This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `nodeTaintsPolicy` | `string` -| NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. +| NodeTaintsPolicy indicates how we will treat node taints when calculating +pod topology spread skew. Options are: +- Honor: nodes without taints, along with tainted nodes for which the incoming pod +has a toleration, are included. +- Ignore: node taints are ignored. All nodes are included. + + +If this value is nil, the behavior is equivalent to the Ignore policy. +This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. | `topologyKey` | `string` -| TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. +| TopologyKey is the key of node labels. Nodes that have a label with this key +and identical values are considered to be in the same topology. +We consider each as a "bucket", and try to put balanced number +of pods into each bucket. +We define a domain as a particular instance of a topology. +Also, we define an eligible domain as a domain whose nodes meet the requirements of +nodeAffinityPolicy and nodeTaintsPolicy. +e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. +And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. +It's a required field. | `whenUnsatisfiable` | `string` -| WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: \| zone1 \| zone2 \| zone3 \| \| P P P \| P \| P \| If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. +| WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy +the spread constraint. +- DoNotSchedule (default) tells the scheduler not to schedule it. +- ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. +A constraint is considered "Unsatisfiable" for an incoming pod +if and only if every possible node assignment for that pod would violate +"MaxSkew" on some topology. +For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same +labelSelector spread as 3/1/1: +\| zone1 \| zone2 \| zone3 \| +\| P P P \| P \| P \| +If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled +to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies +MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler +won't make it *more* imbalanced. +It's a required field. |=== === .spec.topologySpreadConstraints[].labelSelector Description:: + -- -LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +LabelSelector is used to find matching pods. +Pods that match this label selector are counted to determine the number of pods +in their corresponding topology domain. -- Type:: @@ -8202,11 +10372,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.topologySpreadConstraints[].labelSelector.matchExpressions @@ -8226,7 +10399,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -8248,18 +10422,24 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.volumeMounts Description:: + -- -VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects. +VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. +VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, +that are generated as a result of StorageSpec objects. -- Type:: @@ -8290,11 +10470,17 @@ Required:: | `mountPath` | `string` -| Path within the container at which the volume should be mounted. Must not contain ':'. +| Path within the container at which the volume should be mounted. Must +not contain ':'. | `mountPropagation` | `string` -| mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. +| mountPropagation determines how mounts are propagated from the host +to container and the other way around. +When not set, MountPropagationNone is used. +This field is beta in 1.10. +When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified +(which defaults to None). | `name` | `string` @@ -8302,22 +10488,52 @@ Required:: | `readOnly` | `boolean` -| Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +| Mounted read-only if true, read-write otherwise (false or unspecified). +Defaults to false. + +| `recursiveReadOnly` +| `string` +| RecursiveReadOnly specifies whether read-only mounts should be handled +recursively. + + +If ReadOnly is false, this field has no meaning and must be unspecified. + + +If ReadOnly is true, and this field is set to Disabled, the mount is not made +recursively read-only. If this field is set to IfPossible, the mount is made +recursively read-only, if it is supported by the container runtime. If this +field is set to Enabled, the mount is made recursively read-only if it is +supported by the container runtime, otherwise the pod will not be started and +an error will be generated to indicate the reason. + + +If this field is set to IfPossible or Enabled, MountPropagation must be set to +None (or be unspecified, which defaults to None). + + +If this field is not specified, it is treated as an equivalent of Disabled. | `subPath` | `string` -| Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). +| Path within the volume from which the container's volume should be mounted. +Defaults to "" (volume's root). | `subPathExpr` | `string` -| Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. +| Expanded path within the volume from which the container's volume should be mounted. +Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. +Defaults to "" (volume's root). +SubPathExpr and SubPath are mutually exclusive. |=== === .spec.volumes Description:: + -- -Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. +Volumes allows configuration of additional volumes on the output StatefulSet definition. +Volumes specified will be appended to other volumes that are generated as a result of +StorageSpec objects. -- Type:: @@ -8347,7 +10563,9 @@ Required:: | `awsElasticBlockStore` | `object` -| awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +| awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore | `azureDisk` | `object` @@ -8363,7 +10581,8 @@ Required:: | `cinder` | `object` -| cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +| cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md | `configMap` | `object` @@ -8379,15 +10598,39 @@ Required:: | `emptyDir` | `object` -| emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +| emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir | `ephemeral` | `object` -| ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. +| ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time. | `fc` | `object` @@ -8395,7 +10638,8 @@ Required:: | `flexVolume` | `object` -| flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +| flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin. | `flocker` | `object` @@ -8403,35 +10647,55 @@ Required:: | `gcePersistentDisk` | `object` -| gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +| gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk | `gitRepo` | `object` -| gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. +| gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container. | `glusterfs` | `object` -| glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md +| glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md | `hostPath` | `object` -| hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. +| hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write. | `iscsi` | `object` -| iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md +| iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md | `name` | `string` -| name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +| name of the volume. +Must be a DNS_LABEL and unique within the pod. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | `nfs` | `object` -| nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +| nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs | `persistentVolumeClaim` | `object` -| persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +| persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims | `photonPersistentDisk` | `object` @@ -8451,7 +10715,8 @@ Required:: | `rbd` | `object` -| rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md +| rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md | `scaleIO` | `object` @@ -8459,7 +10724,8 @@ Required:: | `secret` | `object` -| secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +| secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret | `storageos` | `object` @@ -8474,7 +10740,9 @@ Required:: Description:: + -- -awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -- Type:: @@ -8491,19 +10759,28 @@ Required:: | `fsType` | `string` -| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine +| fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +TODO: how do we prevent errors in the filesystem from compromising the machine | `partition` | `integer` -| partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). +| partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). | `readOnly` | `boolean` -| readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +| readOnly value true will force the readOnly setting in VolumeMounts. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore | `volumeID` | `string` -| volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +| volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore |=== === .spec.volumes[].azureDisk @@ -8540,7 +10817,9 @@ Required:: | `fsType` | `string` -| fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +| fsType is Filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. | `kind` | `string` @@ -8548,7 +10827,8 @@ Required:: | `readOnly` | `boolean` -| readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. +| readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. |=== === .spec.volumes[].azureFile @@ -8573,7 +10853,8 @@ Required:: | `readOnly` | `boolean` -| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. +| readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. | `secretName` | `string` @@ -8605,7 +10886,8 @@ Required:: | `monitors` | `array (string)` -| monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +| monitors is Required: Monitors is a collection of Ceph monitors +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it | `path` | `string` @@ -8613,26 +10895,32 @@ Required:: | `readOnly` | `boolean` -| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it | `secretFile` | `string` -| secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +| secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it | `secretRef` | `object` -| secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +| secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it | `user` | `string` -| user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +| user is optional: User is the rados user name, default is admin +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it |=== === .spec.volumes[].cephfs.secretRef Description:: + -- -secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it -- Type:: @@ -8647,14 +10935,21 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. |=== === .spec.volumes[].cinder Description:: + -- -cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md -- Type:: @@ -8671,26 +10966,34 @@ Required:: | `fsType` | `string` -| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +| fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md | `readOnly` | `boolean` -| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +| readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md | `secretRef` | `object` -| secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. +| secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack. | `volumeID` | `string` -| volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +| volumeID used to identify the volume in cinder. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md |=== === .spec.volumes[].cinder.secretRef Description:: + -- -secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. +secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack. -- Type:: @@ -8705,7 +11008,13 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. |=== === .spec.volumes[].configMap @@ -8727,11 +11036,23 @@ Type:: | `defaultMode` | `integer` -| defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +| defaultMode is optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set. | `items` | `array` -| items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +| items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'. | `items[]` | `object` @@ -8739,7 +11060,13 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8750,7 +11077,13 @@ Type:: Description:: + -- -items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'. -- Type:: @@ -8785,11 +11118,19 @@ Required:: | `mode` | `integer` -| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +| mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set. | `path` | `string` -| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. +| path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'. |=== === .spec.volumes[].csi @@ -8813,30 +11154,43 @@ Required:: | `driver` | `string` -| driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. +| driver is the name of the CSI driver that handles this volume. +Consult with your admin for the correct name as registered in the cluster. | `fsType` | `string` -| fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. +| fsType to mount. Ex. "ext4", "xfs", "ntfs". +If not provided, the empty value is passed to the associated CSI driver +which will determine the default filesystem to apply. | `nodePublishSecretRef` | `object` -| nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +| nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed. | `readOnly` | `boolean` -| readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). +| readOnly specifies a read-only configuration for the volume. +Defaults to false (read/write). | `volumeAttributes` | `object (string)` -| volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. +| volumeAttributes stores driver-specific properties that are passed to the CSI +driver. Consult your driver's documentation for supported values. |=== === .spec.volumes[].csi.nodePublishSecretRef Description:: + -- -nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed. -- Type:: @@ -8851,7 +11205,13 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. |=== === .spec.volumes[].downwardAPI @@ -8873,7 +11233,14 @@ Type:: | `defaultMode` | `integer` -| Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +| Optional: mode bits to use on created files by default. Must be a +Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set. | `items` | `array` @@ -8918,11 +11285,16 @@ Required:: | `fieldRef` | `object` -| Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +| Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. | `mode` | `integer` -| Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +| Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set. | `path` | `string` @@ -8930,14 +11302,15 @@ Required:: | `resourceFieldRef` | `object` -| Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +| Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. |=== === .spec.volumes[].downwardAPI.items[].fieldRef Description:: + -- -Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. -- Type:: @@ -8965,7 +11338,8 @@ Required:: Description:: + -- -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. -- Type:: @@ -8997,7 +11371,8 @@ Required:: Description:: + -- -emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir -- Type:: @@ -9012,22 +11387,53 @@ Type:: | `medium` | `string` -| medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +| medium represents what type of storage medium should back this directory. +The default is "" which means to use the node's default medium. +Must be an empty string (default) or Memory. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir | `sizeLimit` | `integer-or-string` -| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +| sizeLimit is the total amount of local storage required for this EmptyDir volume. +The size limit is also applicable for memory medium. +The maximum usage on memory medium EmptyDir would be the minimum value between +the SizeLimit specified here and the sum of memory limits of all containers in a pod. +The default is nil which means that the limit is undefined. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir |=== === .spec.volumes[].ephemeral Description:: + -- -ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. +ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time. -- Type:: @@ -9042,20 +11448,60 @@ Type:: | `volumeClaimTemplate` | `object` -| Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. +| Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil. |=== === .spec.volumes[].ephemeral.volumeClaimTemplate Description:: + -- -Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. +Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil. -- Type:: @@ -9072,18 +11518,25 @@ Required:: | `metadata` | `object` -| May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. +| May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation. | `spec` | `object` -| The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. +| The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here. |=== === .spec.volumes[].ephemeral.volumeClaimTemplate.metadata Description:: + -- -May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. +May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation. -- Type:: @@ -9096,7 +11549,10 @@ Type:: Description:: + -- -The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. +The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here. -- Type:: @@ -9111,19 +11567,53 @@ Type:: | `accessModes` | `array (string)` -| accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 +| accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 | `dataSource` | `object` -| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +| dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource. | `dataSourceRef` | `object` -| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | `resources` | `object` -| resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +| resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources | `selector` | `object` @@ -9131,15 +11621,28 @@ Type:: | `storageClassName` | `string` -| storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 +| storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 | `volumeAttributesClassName` | `string` -| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +| volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. +If specified, the CSI driver will create or update the volume with the attributes defined +in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, +it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass +will be applied to the claim but it's not allowed to reset this field to empty string once it is set. +If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass +will be set by the persistentvolume controller if it exists. +If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be +set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource +exists. +More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ +(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. | `volumeMode` | `string` -| volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. +| volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec. | `volumeName` | `string` @@ -9150,7 +11653,14 @@ Type:: Description:: + -- -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource. -- Type:: @@ -9168,7 +11678,9 @@ Required:: | `apiGroup` | `string` -| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. +| APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required. | `kind` | `string` @@ -9183,7 +11695,29 @@ Required:: Description:: + -- -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. -- Type:: @@ -9201,7 +11735,9 @@ Required:: | `apiGroup` | `string` -| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. +| APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required. | `kind` | `string` @@ -9213,14 +11749,20 @@ Required:: | `namespace` | `string` -| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +| Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. |=== === .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources Description:: + -- -resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources -- Type:: @@ -9235,11 +11777,15 @@ Type:: | `limits` | `integer-or-string` -| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | `requests` | `integer-or-string` -| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |=== === .spec.volumes[].ephemeral.volumeClaimTemplate.spec.selector @@ -9265,11 +11811,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.volumes[].ephemeral.volumeClaimTemplate.spec.selector.matchExpressions @@ -9289,7 +11838,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -9311,11 +11861,15 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.volumes[].fc @@ -9337,7 +11891,10 @@ Type:: | `fsType` | `string` -| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine +| fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +TODO: how do we prevent errors in the filesystem from compromising the machine | `lun` | `integer` @@ -9345,7 +11902,8 @@ Type:: | `readOnly` | `boolean` -| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. +| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. | `targetWWNs` | `array (string)` @@ -9353,14 +11911,16 @@ Type:: | `wwids` | `array (string)` -| wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. +| wwids Optional: FC volume world wide identifiers (wwids) +Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. |=== === .spec.volumes[].flexVolume Description:: + -- -flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin. -- Type:: @@ -9381,7 +11941,9 @@ Required:: | `fsType` | `string` -| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. +| fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. | `options` | `object (string)` @@ -9389,18 +11951,27 @@ Required:: | `readOnly` | `boolean` -| readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. +| readOnly is Optional: defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. | `secretRef` | `object` -| secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. +| secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts. |=== === .spec.volumes[].flexVolume.secretRef Description:: + -- -secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. +secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts. -- Type:: @@ -9415,7 +11986,13 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. |=== === .spec.volumes[].flocker @@ -9437,7 +12014,8 @@ Type:: | `datasetName` | `string` -| datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated +| datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker +should be considered as deprecated | `datasetUUID` | `string` @@ -9448,7 +12026,9 @@ Type:: Description:: + -- -gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -- Type:: @@ -9465,26 +12045,40 @@ Required:: | `fsType` | `string` -| fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine +| fsType is filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +TODO: how do we prevent errors in the filesystem from compromising the machine | `partition` | `integer` -| partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +| partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk | `pdName` | `string` -| pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +| pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk | `readOnly` | `boolean` -| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +| readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |=== === .spec.volumes[].gitRepo Description:: + -- -gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. +gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container. -- Type:: @@ -9501,7 +12095,10 @@ Required:: | `directory` | `string` -| directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. +| directory is the target directory name. +Must not contain or start with '..'. If '.' is supplied, the volume directory will be the +git repository. Otherwise, if specified, the volume will contain the git repository in +the subdirectory with the given name. | `repository` | `string` @@ -9516,7 +12113,8 @@ Required:: Description:: + -- -glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md +glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md -- Type:: @@ -9534,22 +12132,33 @@ Required:: | `endpoints` | `string` -| endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod +| endpoints is the endpoint name that details Glusterfs topology. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod | `path` | `string` -| path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod +| path is the Glusterfs volume path. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod | `readOnly` | `boolean` -| readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod +| readOnly here will force the Glusterfs volume to be mounted with read-only permissions. +Defaults to false. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod |=== === .spec.volumes[].hostPath Description:: + -- -hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. +hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write. -- Type:: @@ -9566,18 +12175,24 @@ Required:: | `path` | `string` -| path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +| path of the directory on the host. +If the path is a symlink, it will follow the link to the real path. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath | `type` | `string` -| type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +| type for HostPath Volume +Defaults to "" +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath |=== === .spec.volumes[].iscsi Description:: + -- -iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md +iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md -- Type:: @@ -9604,11 +12219,17 @@ Required:: | `fsType` | `string` -| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine +| fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi +TODO: how do we prevent errors in the filesystem from compromising the machine | `initiatorName` | `string` -| initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. +| initiatorName is the custom iSCSI Initiator Name. +If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface +: will be created for the connection. | `iqn` | `string` @@ -9616,7 +12237,8 @@ Required:: | `iscsiInterface` | `string` -| iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). +| iscsiInterface is the interface Name that uses an iSCSI transport. +Defaults to 'default' (tcp). | `lun` | `integer` @@ -9624,11 +12246,13 @@ Required:: | `portals` | `array (string)` -| portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). +| portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260). | `readOnly` | `boolean` -| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. +| readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. | `secretRef` | `object` @@ -9636,7 +12260,8 @@ Required:: | `targetPortal` | `string` -| targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). +| targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260). |=== === .spec.volumes[].iscsi.secretRef @@ -9658,14 +12283,21 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. |=== === .spec.volumes[].nfs Description:: + -- -nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs -- Type:: @@ -9683,22 +12315,28 @@ Required:: | `path` | `string` -| path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +| path that is exported by the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs | `readOnly` | `boolean` -| readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +| readOnly here will force the NFS export to be mounted with read-only permissions. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs | `server` | `string` -| server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +| server is the hostname or IP address of the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs |=== === .spec.volumes[].persistentVolumeClaim Description:: + -- -persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims -- Type:: @@ -9715,11 +12353,13 @@ Required:: | `claimName` | `string` -| claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +| claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims | `readOnly` | `boolean` -| readOnly Will force the ReadOnly setting in VolumeMounts. Default false. +| readOnly Will force the ReadOnly setting in VolumeMounts. +Default false. |=== === .spec.volumes[].photonPersistentDisk @@ -9743,7 +12383,9 @@ Required:: | `fsType` | `string` -| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +| fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. | `pdID` | `string` @@ -9771,11 +12413,14 @@ Required:: | `fsType` | `string` -| fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. +| fSType represents the filesystem type to mount +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. | `readOnly` | `boolean` -| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. +| readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. | `volumeID` | `string` @@ -9801,7 +12446,12 @@ Type:: | `defaultMode` | `integer` -| defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +| defaultMode are the mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set. | `sources` | `array` @@ -9844,10 +12494,22 @@ Type:: | `clusterTrustBundle` | `object` -| ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. +| ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field +of ClusterTrustBundle objects in an auto-updating file. + + +Alpha, gated by the ClusterTrustBundleProjection feature gate. + + +ClusterTrustBundle objects can either be selected by name, or by the +combination of signer name and a label selector. + + +Kubelet performs aggressive normalization of the PEM contents written +into the pod filesystem. Esoteric PEM features such as inter-block +comments and block headers are stripped. Certificates are deduplicated. +The ordering of certificates within the file is arbitrary, and Kubelet +may change the order over time. | `configMap` | `object` @@ -9870,10 +12532,22 @@ Type:: Description:: + -- -ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. +ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field +of ClusterTrustBundle objects in an auto-updating file. + + +Alpha, gated by the ClusterTrustBundleProjection feature gate. + + +ClusterTrustBundle objects can either be selected by name, or by the +combination of signer name and a label selector. + + +Kubelet performs aggressive normalization of the PEM contents written +into the pod filesystem. Esoteric PEM features such as inter-block +comments and block headers are stripped. Certificates are deduplicated. +The ordering of certificates within the file is arbitrary, and Kubelet +may change the order over time. -- Type:: @@ -9890,15 +12564,23 @@ Required:: | `labelSelector` | `object` -| Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". +| Select all ClusterTrustBundles that match this label selector. Only has +effect if signerName is set. Mutually-exclusive with name. If unset, +interpreted as "match nothing". If set but empty, interpreted as "match +everything". | `name` | `string` -| Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector. +| Select a single ClusterTrustBundle by object name. Mutually-exclusive +with signerName and labelSelector. | `optional` | `boolean` -| If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles. +| If true, don't block pod startup if the referenced ClusterTrustBundle(s) +aren't available. If using name, then the named ClusterTrustBundle is +allowed not to exist. If using signerName, then the combination of +signerName and labelSelector is allowed to match zero +ClusterTrustBundles. | `path` | `string` @@ -9906,14 +12588,19 @@ Required:: | `signerName` | `string` -| Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated. +| Select all ClusterTrustBundles that match this signer name. +Mutually-exclusive with name. The contents of all selected +ClusterTrustBundles will be unified and deduplicated. |=== === .spec.volumes[].projected.sources[].clusterTrustBundle.labelSelector Description:: + -- -Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". +Select all ClusterTrustBundles that match this label selector. Only has +effect if signerName is set. Mutually-exclusive with name. If unset, +interpreted as "match nothing". If set but empty, interpreted as "match +everything". -- Type:: @@ -9932,11 +12619,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.volumes[].projected.sources[].clusterTrustBundle.labelSelector.matchExpressions @@ -9956,7 +12646,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -9978,11 +12669,15 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.volumes[].projected.sources[].configMap @@ -10004,7 +12699,13 @@ Type:: | `items` | `array` -| items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +| items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'. | `items[]` | `object` @@ -10012,7 +12713,13 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -10023,7 +12730,13 @@ Type:: Description:: + -- -items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'. -- Type:: @@ -10058,11 +12771,19 @@ Required:: | `mode` | `integer` -| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +| mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set. | `path` | `string` -| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. +| path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'. |=== === .spec.volumes[].projected.sources[].downwardAPI @@ -10125,11 +12846,16 @@ Required:: | `fieldRef` | `object` -| Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +| Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. | `mode` | `integer` -| Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +| Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set. | `path` | `string` @@ -10137,14 +12863,15 @@ Required:: | `resourceFieldRef` | `object` -| Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +| Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. |=== === .spec.volumes[].projected.sources[].downwardAPI.items[].fieldRef Description:: + -- -Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. -- Type:: @@ -10172,7 +12899,8 @@ Required:: Description:: + -- -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. -- Type:: @@ -10219,7 +12947,13 @@ Type:: | `items` | `array` -| items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +| items if unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'. | `items[]` | `object` @@ -10227,7 +12961,13 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -10238,7 +12978,13 @@ Type:: Description:: + -- -items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +items if unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'. -- Type:: @@ -10273,11 +13019,19 @@ Required:: | `mode` | `integer` -| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +| mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set. | `path` | `string` -| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. +| path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'. |=== === .spec.volumes[].projected.sources[].serviceAccountToken @@ -10301,15 +13055,24 @@ Required:: | `audience` | `string` -| audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. +| audience is the intended audience of the token. A recipient of a token +must identify itself with an identifier specified in the audience of the +token, and otherwise should reject the token. The audience defaults to the +identifier of the apiserver. | `expirationSeconds` | `integer` -| expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. +| expirationSeconds is the requested duration of validity of the service +account token. As the token approaches expiration, the kubelet volume +plugin will proactively rotate the service account token. The kubelet will +start trying to rotate the token if the token is older than 80 percent of +its time to live or if the token is older than 24 hours.Defaults to 1 hour +and must be at least 10 minutes. | `path` | `string` -| path is the path relative to the mount point of the file to project the token into. +| path is the path relative to the mount point of the file to project the +token into. |=== === .spec.volumes[].quobyte @@ -10334,23 +13097,29 @@ Required:: | `group` | `string` -| group to map volume access to Default is no group +| group to map volume access to +Default is no group | `readOnly` | `boolean` -| readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. +| readOnly here will force the Quobyte volume to be mounted with read-only permissions. +Defaults to false. | `registry` | `string` -| registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes +| registry represents a single or multiple Quobyte Registry services +specified as a string as host:port pair (multiple entries are separated with commas) +which acts as the central registry for volumes | `tenant` | `string` -| tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin +| tenant owning the given Quobyte volume in the Backend +Used with dynamically provisioned Quobyte volumes, value is set by the plugin | `user` | `string` -| user to map volume access to Defaults to serivceaccount user +| user to map volume access to +Defaults to serivceaccount user | `volume` | `string` @@ -10361,7 +13130,8 @@ Required:: Description:: + -- -rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md +rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md -- Type:: @@ -10379,42 +13149,62 @@ Required:: | `fsType` | `string` -| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine +| fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd +TODO: how do we prevent errors in the filesystem from compromising the machine | `image` | `string` -| image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +| image is the rados image name. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it | `keyring` | `string` -| keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +| keyring is the path to key ring for RBDUser. +Default is /etc/ceph/keyring. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it | `monitors` | `array (string)` -| monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +| monitors is a collection of Ceph monitors. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it | `pool` | `string` -| pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +| pool is the rados pool name. +Default is rbd. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it | `readOnly` | `boolean` -| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +| readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it | `secretRef` | `object` -| secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +| secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it | `user` | `string` -| user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +| user is the rados user name. +Default is admin. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it |=== === .spec.volumes[].rbd.secretRef Description:: + -- -secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it -- Type:: @@ -10429,7 +13219,13 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. |=== === .spec.volumes[].scaleIO @@ -10455,7 +13251,10 @@ Required:: | `fsType` | `string` -| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". +| fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". +Default is "xfs". | `gateway` | `string` @@ -10467,11 +13266,13 @@ Required:: | `readOnly` | `boolean` -| readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. +| readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. | `secretRef` | `object` -| secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. +| secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail. | `sslEnabled` | `boolean` @@ -10479,7 +13280,8 @@ Required:: | `storageMode` | `string` -| storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. +| storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. +Default is ThinProvisioned. | `storagePool` | `string` @@ -10491,14 +13293,16 @@ Required:: | `volumeName` | `string` -| volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. +| volumeName is the name of a volume already created in the ScaleIO system +that is associated with this volume source. |=== === .spec.volumes[].scaleIO.secretRef Description:: + -- -secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. +secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail. -- Type:: @@ -10513,14 +13317,21 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. |=== === .spec.volumes[].secret Description:: + -- -secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret -- Type:: @@ -10535,11 +13346,23 @@ Type:: | `defaultMode` | `integer` -| defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +| defaultMode is Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values +for mode bits. Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set. | `items` | `array` -| items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +| items If unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'. | `items[]` | `object` @@ -10551,14 +13374,21 @@ Type:: | `secretName` | `string` -| secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +| secretName is the name of the secret in the pod's namespace to use. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret |=== === .spec.volumes[].secret.items Description:: + -- -items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. +items If unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'. -- Type:: @@ -10593,11 +13423,19 @@ Required:: | `mode` | `integer` -| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +| mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set. | `path` | `string` -| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. +| path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'. |=== === .spec.volumes[].storageos @@ -10619,30 +13457,41 @@ Type:: | `fsType` | `string` -| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +| fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. | `readOnly` | `boolean` -| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. +| readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. | `secretRef` | `object` -| secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. +| secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted. | `volumeName` | `string` -| volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. +| volumeName is the human-readable name of the StorageOS volume. Volume +names are only unique within a namespace. | `volumeNamespace` | `string` -| volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. +| volumeNamespace specifies the scope of the volume within StorageOS. If no +namespace is specified then the Pod's namespace will be used. This allows the +Kubernetes name scoping to be mirrored within StorageOS for tighter integration. +Set VolumeName to any name to override the default behaviour. +Set to "default" if you are not using namespaces within StorageOS. +Namespaces that do not pre-exist within StorageOS will be created. |=== === .spec.volumes[].storageos.secretRef Description:: + -- -secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. +secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted. -- Type:: @@ -10657,7 +13506,13 @@ Type:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. |=== === .spec.volumes[].vsphereVolume @@ -10681,7 +13536,9 @@ Required:: | `fsType` | `string` -| fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +| fsType is filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. | `storagePolicyID` | `string` @@ -10715,7 +13572,8 @@ Type:: | `getConcurrency` | `integer` -| Maximum number of GET requests processed concurrently. This corresponds to the Alertmanager's `--web.get-concurrency` flag. +| Maximum number of GET requests processed concurrently. This corresponds to the +Alertmanager's `--web.get-concurrency` flag. | `httpConfig` | `object` @@ -10723,7 +13581,8 @@ Type:: | `timeout` | `integer` -| Timeout for HTTP requests. This corresponds to the Alertmanager's `--web.timeout` flag. +| Timeout for HTTP requests. This corresponds to the Alertmanager's +`--web.timeout` flag. | `tlsConfig` | `object` @@ -10753,7 +13612,9 @@ Type:: | `http2` | `boolean` -| Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. When TLSConfig is not configured, HTTP/2 will be disabled. Whenever the value of the field changes, a rolling update will be triggered. +| Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. +When TLSConfig is not configured, HTTP/2 will be disabled. +Whenever the value of the field changes, a rolling update will be triggered. |=== === .spec.web.httpConfig.headers @@ -10775,23 +13636,35 @@ Type:: | `contentSecurityPolicy` | `string` -| Set the Content-Security-Policy header to HTTP responses. Unset if blank. +| Set the Content-Security-Policy header to HTTP responses. +Unset if blank. | `strictTransportSecurity` | `string` -| Set the Strict-Transport-Security header to HTTP responses. Unset if blank. Please make sure that you use this with care as this header might force browsers to load Prometheus and the other applications hosted on the same domain and subdomains over HTTPS. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security +| Set the Strict-Transport-Security header to HTTP responses. +Unset if blank. +Please make sure that you use this with care as this header might force +browsers to load Prometheus and the other applications hosted on the same +domain and subdomains over HTTPS. +https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security | `xContentTypeOptions` | `string` -| Set the X-Content-Type-Options header to HTTP responses. Unset if blank. Accepted value is nosniff. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options +| Set the X-Content-Type-Options header to HTTP responses. +Unset if blank. Accepted value is nosniff. +https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options | `xFrameOptions` | `string` -| Set the X-Frame-Options header to HTTP responses. Unset if blank. Accepted values are deny and sameorigin. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options +| Set the X-Frame-Options header to HTTP responses. +Unset if blank. Accepted values are deny and sameorigin. +https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options | `xXSSProtection` | `string` -| Set the X-XSS-Protection header to all responses. Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection +| Set the X-XSS-Protection header to all responses. +Unset if blank. +https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection |=== === .spec.web.tlsConfig @@ -10820,11 +13693,15 @@ Required:: | `cipherSuites` | `array (string)` -| List of supported cipher suites for TLS versions up to TLS 1.2. If empty, Go default cipher suites are used. Available cipher suites are documented in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants +| List of supported cipher suites for TLS versions up to TLS 1.2. If empty, +Go default cipher suites are used. Available cipher suites are documented +in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants | `clientAuthType` | `string` -| Server policy for client authentication. Maps to ClientAuth Policies. For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType +| Server policy for client authentication. Maps to ClientAuth Policies. +For more detail on clientAuth options: +https://golang.org/pkg/crypto/tls/#ClientAuthType | `client_ca` | `object` @@ -10832,7 +13709,9 @@ Required:: | `curvePreferences` | `array (string)` -| Elliptic curves that will be used in an ECDHE handshake, in preference order. Available curves are documented in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID +| Elliptic curves that will be used in an ECDHE handshake, in preference +order. Available curves are documented in the go documentation: +https://golang.org/pkg/crypto/tls/#CurveID | `keySecret` | `object` @@ -10848,7 +13727,10 @@ Required:: | `preferServerCipherSuites` | `boolean` -| Controls whether the server selects the client's most preferred cipher suite, or the server's most preferred cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. +| Controls whether the server selects the +client's most preferred cipher suite, or the server's most preferred +cipher suite. If true then the server's preference, as expressed in +the order of elements in cipherSuites, is used. |=== === .spec.web.tlsConfig.cert @@ -10902,7 +13784,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -10934,7 +13822,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -10992,7 +13886,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -11024,7 +13924,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -11056,7 +13962,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -11067,7 +13979,9 @@ Required:: Description:: + -- -Most recent observed status of the Alertmanager cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +Most recent observed status of the Alertmanager cluster. Read-only. +More info: +https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status -- Type:: @@ -11088,7 +14002,8 @@ Required:: | `availableReplicas` | `integer` -| Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster. +| Total number of available pods (ready for at least minReadySeconds) +targeted by this Alertmanager cluster. | `conditions` | `array` @@ -11096,15 +14011,18 @@ Required:: | `conditions[]` | `object` -| Condition represents the state of the resources associated with the Prometheus, Alertmanager or ThanosRuler resource. +| Condition represents the state of the resources associated with the +Prometheus, Alertmanager or ThanosRuler resource. | `paused` | `boolean` -| Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. +| Represents whether any actions on the underlying managed objects are +being performed. Only delete actions will be performed. | `replicas` | `integer` -| Total number of non-terminated pods targeted by this Alertmanager object (their labels match the selector). +| Total number of non-terminated pods targeted by this Alertmanager +object (their labels match the selector). | `unavailableReplicas` | `integer` @@ -11112,7 +14030,8 @@ Required:: | `updatedReplicas` | `integer` -| Total number of non-terminated pods targeted by this Alertmanager object that have the desired version spec. +| Total number of non-terminated pods targeted by this Alertmanager +object that have the desired version spec. |=== === .status.conditions @@ -11132,7 +14051,8 @@ Type:: Description:: + -- -Condition represents the state of the resources associated with the Prometheus, Alertmanager or ThanosRuler resource. +Condition represents the state of the resources associated with the +Prometheus, Alertmanager or ThanosRuler resource. -- Type:: @@ -11159,7 +14079,11 @@ Required:: | `observedGeneration` | `integer` -| ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if `.metadata.generation` is currently 12, but the `.status.conditions[].observedGeneration` is 9, the condition is out of date with respect to the current state of the instance. +| ObservedGeneration represents the .metadata.generation that the +condition was set based upon. For instance, if `.metadata.generation` is +currently 12, but the `.status.conditions[].observedGeneration` is 9, the +condition is out of date with respect to the current state of the +instance. | `reason` | `string` diff --git a/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc b/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc index 378896d15b..966e24f334 100644 --- a/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc +++ b/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc @@ -11,7 +11,8 @@ toc::[] Description:: + -- -AlertmanagerConfig configures the Prometheus Alertmanager, specifying how alerts should be grouped, inhibited and notified to external systems. +AlertmanagerConfig configures the Prometheus Alertmanager, +specifying how alerts should be grouped, inhibited and notified to external systems. -- Type:: @@ -41,14 +42,18 @@ Required:: | `spec` | `object` -| AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. By definition, the Alertmanager configuration only applies to alerts for which the `namespace` label is equal to the namespace of the AlertmanagerConfig resource. +| AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. +By definition, the Alertmanager configuration only applies to alerts for which +the `namespace` label is equal to the namespace of the AlertmanagerConfig resource. |=== === .spec Description:: + -- -AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. By definition, the Alertmanager configuration only applies to alerts for which the `namespace` label is equal to the namespace of the AlertmanagerConfig resource. +AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. +By definition, the Alertmanager configuration only applies to alerts for which +the `namespace` label is equal to the namespace of the AlertmanagerConfig resource. -- Type:: @@ -63,11 +68,14 @@ Type:: | `inhibitRules` | `array` -| List of inhibition rules. The rules will only apply to alerts matching the resource's namespace. +| List of inhibition rules. The rules will only apply to alerts matching +the resource's namespace. | `inhibitRules[]` | `object` -| InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule +| InhibitRule defines an inhibition rule that allows to mute alerts when other +alerts are already firing. +See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule | `receivers` | `array` @@ -79,7 +87,9 @@ Type:: | `route` | `object` -| The Alertmanager route definition for alerts matching the resource's namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. +| The Alertmanager route definition for alerts matching the resource's +namespace. If present, it will be added to the generated Alertmanager +configuration as a first-level route. | `timeIntervals` | `array` @@ -94,7 +104,8 @@ Type:: Description:: + -- -List of inhibition rules. The rules will only apply to alerts matching the resource's namespace. +List of inhibition rules. The rules will only apply to alerts matching +the resource's namespace. -- Type:: @@ -107,7 +118,9 @@ Type:: Description:: + -- -InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule +InhibitRule defines an inhibition rule that allows to mute alerts when other +alerts are already firing. +See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule -- Type:: @@ -122,11 +135,14 @@ Type:: | `equal` | `array (string)` -| Labels that must have an equal value in the source and target alert for the inhibition to take effect. +| Labels that must have an equal value in the source and target alert for +the inhibition to take effect. | `sourceMatch` | `array` -| Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource's namespace. +| Matchers for which one or more alerts have to exist for the inhibition +to take effect. The operator enforces that the alert matches the +resource's namespace. | `sourceMatch[]` | `object` @@ -134,7 +150,8 @@ Type:: | `targetMatch` | `array` -| Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource's namespace. +| Matchers that have to be fulfilled in the alerts to be muted. The +operator enforces that the alert matches the resource's namespace. | `targetMatch[]` | `object` @@ -145,7 +162,9 @@ Type:: Description:: + -- -Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource's namespace. +Matchers for which one or more alerts have to exist for the inhibition +to take effect. The operator enforces that the alert matches the +resource's namespace. -- Type:: @@ -175,7 +194,9 @@ Required:: | `matchType` | `string` -| Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex match) or `!~` (not regex match). Negative operators (`!=` and `!~`) require Alertmanager >= v0.22.0. +| Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex +match) or `!~` (not regex match). +Negative operators (`!=` and `!~`) require Alertmanager >= v0.22.0. | `name` | `string` @@ -190,7 +211,8 @@ Required:: Description:: + -- -Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource's namespace. +Matchers that have to be fulfilled in the alerts to be muted. The +operator enforces that the alert matches the resource's namespace. -- Type:: @@ -220,7 +242,9 @@ Required:: | `matchType` | `string` -| Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex match) or `!~` (not regex match). Negative operators (`!=` and `!~`) require Alertmanager >= v0.22.0. +| Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex +match) or `!~` (not regex match). +Negative operators (`!=` and `!~`) require Alertmanager >= v0.22.0. | `name` | `string` @@ -269,7 +293,8 @@ Required:: | `discordConfigs[]` | `object` -| DiscordConfig configures notifications via Discord. See https://prometheus.io/docs/alerting/latest/configuration/#discord_config +| DiscordConfig configures notifications via Discord. +See https://prometheus.io/docs/alerting/latest/configuration/#discord_config | `emailConfigs` | `array` @@ -281,11 +306,13 @@ Required:: | `msteamsConfigs` | `array` -| List of MSTeams configurations. It requires Alertmanager >= 0.26.0. +| List of MSTeams configurations. +It requires Alertmanager >= 0.26.0. | `msteamsConfigs[]` | `object` -| MSTeamsConfig configures notifications via Microsoft Teams. It requires Alertmanager >= 0.26.0. +| MSTeamsConfig configures notifications via Microsoft Teams. +It requires Alertmanager >= 0.26.0. | `name` | `string` @@ -297,7 +324,8 @@ Required:: | `opsgenieConfigs[]` | `object` -| OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config +| OpsGenieConfig configures notifications via OpsGenie. +See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config | `pagerdutyConfigs` | `array` @@ -305,7 +333,8 @@ Required:: | `pagerdutyConfigs[]` | `object` -| PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config +| PagerDutyConfig configures notifications via PagerDuty. +See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config | `pushoverConfigs` | `array` @@ -313,7 +342,8 @@ Required:: | `pushoverConfigs[]` | `object` -| PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config +| PushoverConfig configures notifications via Pushover. +See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config | `slackConfigs` | `array` @@ -321,7 +351,8 @@ Required:: | `slackConfigs[]` | `object` -| SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config +| SlackConfig configures notifications via Slack. +See https://prometheus.io/docs/alerting/latest/configuration/#slack_config | `snsConfigs` | `array` @@ -329,7 +360,8 @@ Required:: | `snsConfigs[]` | `object` -| SNSConfig configures notifications via AWS SNS. See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs +| SNSConfig configures notifications via AWS SNS. +See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs | `telegramConfigs` | `array` @@ -337,7 +369,8 @@ Required:: | `telegramConfigs[]` | `object` -| TelegramConfig configures notifications via Telegram. See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config +| TelegramConfig configures notifications via Telegram. +See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config | `victoropsConfigs` | `array` @@ -345,7 +378,8 @@ Required:: | `victoropsConfigs[]` | `object` -| VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config +| VictorOpsConfig configures notifications via VictorOps. +See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config | `webexConfigs` | `array` @@ -353,7 +387,8 @@ Required:: | `webexConfigs[]` | `object` -| WebexConfig configures notification via Cisco Webex See https://prometheus.io/docs/alerting/latest/configuration/#webex_config +| WebexConfig configures notification via Cisco Webex +See https://prometheus.io/docs/alerting/latest/configuration/#webex_config | `webhookConfigs` | `array` @@ -361,7 +396,8 @@ Required:: | `webhookConfigs[]` | `object` -| WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config +| WebhookConfig configures notifications via a generic receiver supporting the webhook payload. +See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config | `wechatConfigs` | `array` @@ -369,7 +405,8 @@ Required:: | `wechatConfigs[]` | `object` -| WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config +| WeChatConfig configures notifications via WeChat. +See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config |=== === .spec.receivers[].discordConfigs @@ -389,7 +426,8 @@ Type:: Description:: + -- -DiscordConfig configures notifications via Discord. See https://prometheus.io/docs/alerting/latest/configuration/#discord_config +DiscordConfig configures notifications via Discord. +See https://prometheus.io/docs/alerting/latest/configuration/#discord_config -- Type:: @@ -404,7 +442,9 @@ Type:: | `apiURL` | `object` -| The secret's key that contains the Discord webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the Discord webhook URL. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `httpConfig` | `object` @@ -427,7 +467,9 @@ Type:: Description:: + -- -The secret's key that contains the Discord webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the Discord webhook URL. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -448,7 +490,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -474,15 +522,20 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +| Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +| BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `followRedirects` | `boolean` @@ -505,7 +558,8 @@ Type:: Description:: + -- -Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- Type:: @@ -524,9 +578,13 @@ Type:: | `type` | `string` -| Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" +| Defines the authentication type. The value is case-insensitive. + + +"Basic" is not a supported value. + + +Default: "Bearer" |=== === .spec.receivers[].discordConfigs[].httpConfig.authorization.credentials @@ -554,7 +612,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -565,7 +629,8 @@ Required:: Description:: + -- -BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- Type:: @@ -580,18 +645,21 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for authentication. +| `password` specifies a key of a Secret containing the password for +authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for authentication. +| `username` specifies a key of a Secret containing the username for +authentication. |=== === .spec.receivers[].discordConfigs[].httpConfig.basicAuth.password Description:: + -- -`password` specifies a key of a Secret containing the password for authentication. +`password` specifies a key of a Secret containing the password for +authentication. -- Type:: @@ -612,7 +680,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -623,7 +697,8 @@ Required:: Description:: + -- -`username` specifies a key of a Secret containing the username for authentication. +`username` specifies a key of a Secret containing the username for +authentication. -- Type:: @@ -644,7 +719,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -655,7 +736,10 @@ Required:: Description:: + -- -The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -703,15 +787,18 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +| `clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +| `clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token URL. +| `endpointParams` configures the HTTP parameters to append to the token +URL. | `scopes` | `array (string)` @@ -726,7 +813,8 @@ Required:: Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +`clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. -- Type:: @@ -773,7 +861,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -805,7 +899,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -816,7 +916,8 @@ Required:: Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +`clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. -- Type:: @@ -837,7 +938,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -933,7 +1040,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -965,7 +1078,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1023,7 +1142,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1055,7 +1180,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1087,7 +1218,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1130,11 +1267,15 @@ Type:: | `authPassword` | `object` -| The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the password to use for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `authSecret` | `object` -| The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the CRAM-MD5 secret. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `authUsername` | `string` @@ -1146,7 +1287,8 @@ Type:: | `headers` | `array` -| Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation. +| Further headers email header key/value pairs. Overrides any headers +previously set by the notification implementation. | `headers[]` | `object` @@ -1162,7 +1304,8 @@ Type:: | `requireTLS` | `boolean` -| The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. +| The SMTP TLS requirement. +Note that Go does not support unencrypted connections to remote SMTP endpoints. | `sendResolved` | `boolean` @@ -1189,7 +1332,9 @@ Type:: Description:: + -- -The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the password to use for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -1218,7 +1363,9 @@ Required:: Description:: + -- -The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the CRAM-MD5 secret. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -1247,7 +1394,8 @@ Required:: Description:: + -- -Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation. +Further headers email header key/value pairs. Overrides any headers +previously set by the notification implementation. -- Type:: @@ -1374,7 +1522,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1406,7 +1560,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1464,7 +1624,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1496,7 +1662,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1528,7 +1700,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1539,7 +1717,8 @@ Required:: Description:: + -- -List of MSTeams configurations. It requires Alertmanager >= 0.26.0. +List of MSTeams configurations. +It requires Alertmanager >= 0.26.0. -- Type:: @@ -1552,7 +1731,8 @@ Type:: Description:: + -- -MSTeamsConfig configures notifications via Microsoft Teams. It requires Alertmanager >= 0.26.0. +MSTeamsConfig configures notifications via Microsoft Teams. +It requires Alertmanager >= 0.26.0. -- Type:: @@ -1577,7 +1757,8 @@ Required:: | `summary` | `string` -| Message summary template. It requires Alertmanager >= 0.27.0. +| Message summary template. +It requires Alertmanager >= 0.27.0. | `text` | `string` @@ -1611,15 +1792,20 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +| Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +| BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `followRedirects` | `boolean` @@ -1642,7 +1828,8 @@ Type:: Description:: + -- -Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- Type:: @@ -1661,9 +1848,13 @@ Type:: | `type` | `string` -| Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" +| Defines the authentication type. The value is case-insensitive. + + +"Basic" is not a supported value. + + +Default: "Bearer" |=== === .spec.receivers[].msteamsConfigs[].httpConfig.authorization.credentials @@ -1691,7 +1882,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1702,7 +1899,8 @@ Required:: Description:: + -- -BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- Type:: @@ -1717,18 +1915,21 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for authentication. +| `password` specifies a key of a Secret containing the password for +authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for authentication. +| `username` specifies a key of a Secret containing the username for +authentication. |=== === .spec.receivers[].msteamsConfigs[].httpConfig.basicAuth.password Description:: + -- -`password` specifies a key of a Secret containing the password for authentication. +`password` specifies a key of a Secret containing the password for +authentication. -- Type:: @@ -1749,7 +1950,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1760,7 +1967,8 @@ Required:: Description:: + -- -`username` specifies a key of a Secret containing the username for authentication. +`username` specifies a key of a Secret containing the username for +authentication. -- Type:: @@ -1781,7 +1989,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1792,7 +2006,10 @@ Required:: Description:: + -- -The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -1840,15 +2057,18 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +| `clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +| `clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token URL. +| `endpointParams` configures the HTTP parameters to append to the token +URL. | `scopes` | `array (string)` @@ -1863,7 +2083,8 @@ Required:: Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +`clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. -- Type:: @@ -1910,7 +2131,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1942,7 +2169,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1953,7 +2186,8 @@ Required:: Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +`clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. -- Type:: @@ -1974,7 +2208,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2070,7 +2310,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2102,7 +2348,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2160,7 +2412,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2192,7 +2450,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2224,7 +2488,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2256,7 +2526,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2280,7 +2556,8 @@ Type:: Description:: + -- -OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config +OpsGenieConfig configures notifications via OpsGenie. +See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config -- Type:: @@ -2299,7 +2576,9 @@ Type:: | `apiKey` | `object` -| The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the OpsGenie API key. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `apiURL` | `string` @@ -2343,7 +2622,8 @@ Type:: | `responders[]` | `object` -| OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined. +| OpsGenieConfigResponder defines a responder to an incident. +One of `id`, `name` or `username` has to be defined. | `sendResolved` | `boolean` @@ -2362,7 +2642,9 @@ Type:: Description:: + -- -The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the OpsGenie API key. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -2448,15 +2730,20 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +| Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +| BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `followRedirects` | `boolean` @@ -2479,7 +2766,8 @@ Type:: Description:: + -- -Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- Type:: @@ -2498,9 +2786,13 @@ Type:: | `type` | `string` -| Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" +| Defines the authentication type. The value is case-insensitive. + + +"Basic" is not a supported value. + + +Default: "Bearer" |=== === .spec.receivers[].opsgenieConfigs[].httpConfig.authorization.credentials @@ -2528,7 +2820,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2539,7 +2837,8 @@ Required:: Description:: + -- -BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- Type:: @@ -2554,18 +2853,21 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for authentication. +| `password` specifies a key of a Secret containing the password for +authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for authentication. +| `username` specifies a key of a Secret containing the username for +authentication. |=== === .spec.receivers[].opsgenieConfigs[].httpConfig.basicAuth.password Description:: + -- -`password` specifies a key of a Secret containing the password for authentication. +`password` specifies a key of a Secret containing the password for +authentication. -- Type:: @@ -2586,7 +2888,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2597,7 +2905,8 @@ Required:: Description:: + -- -`username` specifies a key of a Secret containing the username for authentication. +`username` specifies a key of a Secret containing the username for +authentication. -- Type:: @@ -2618,7 +2927,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2629,7 +2944,10 @@ Required:: Description:: + -- -The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -2677,15 +2995,18 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +| `clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +| `clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token URL. +| `endpointParams` configures the HTTP parameters to append to the token +URL. | `scopes` | `array (string)` @@ -2700,7 +3021,8 @@ Required:: Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +`clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. -- Type:: @@ -2747,7 +3069,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2779,7 +3107,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2790,7 +3124,8 @@ Required:: Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +`clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. -- Type:: @@ -2811,7 +3146,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2907,7 +3248,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2939,7 +3286,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -2997,7 +3350,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3029,7 +3388,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3061,7 +3426,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3085,7 +3456,8 @@ Type:: Description:: + -- -OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined. +OpsGenieConfigResponder defines a responder to an incident. +One of `id`, `name` or `username` has to be defined. -- Type:: @@ -3134,7 +3506,8 @@ Type:: Description:: + -- -PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config +PagerDutyConfig configures notifications via PagerDuty. +See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config -- Type:: @@ -3201,7 +3574,10 @@ Type:: | `routingKey` | `object` -| The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the PagerDuty integration key (when using +Events API v2). Either this field or `serviceKey` needs to be defined. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `sendResolved` | `boolean` @@ -3209,12 +3585,20 @@ Type:: | `serviceKey` | `object` -| The secret's key that contains the PagerDuty service key (when using integration type "Prometheus"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the PagerDuty service key (when using +integration type "Prometheus"). Either this field or `routingKey` needs to +be defined. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `severity` | `string` | Severity of the incident. +| `source` +| `string` +| Unique location of the affected system. + | `url` | `string` | The URL to send requests to. @@ -3281,15 +3665,20 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +| Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +| BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `followRedirects` | `boolean` @@ -3312,7 +3701,8 @@ Type:: Description:: + -- -Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- Type:: @@ -3331,9 +3721,13 @@ Type:: | `type` | `string` -| Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" +| Defines the authentication type. The value is case-insensitive. + + +"Basic" is not a supported value. + + +Default: "Bearer" |=== === .spec.receivers[].pagerdutyConfigs[].httpConfig.authorization.credentials @@ -3361,7 +3755,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3372,7 +3772,8 @@ Required:: Description:: + -- -BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- Type:: @@ -3387,18 +3788,21 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for authentication. +| `password` specifies a key of a Secret containing the password for +authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for authentication. +| `username` specifies a key of a Secret containing the username for +authentication. |=== === .spec.receivers[].pagerdutyConfigs[].httpConfig.basicAuth.password Description:: + -- -`password` specifies a key of a Secret containing the password for authentication. +`password` specifies a key of a Secret containing the password for +authentication. -- Type:: @@ -3419,7 +3823,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3430,7 +3840,8 @@ Required:: Description:: + -- -`username` specifies a key of a Secret containing the username for authentication. +`username` specifies a key of a Secret containing the username for +authentication. -- Type:: @@ -3451,7 +3862,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3462,7 +3879,10 @@ Required:: Description:: + -- -The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -3510,15 +3930,18 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +| `clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +| `clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token URL. +| `endpointParams` configures the HTTP parameters to append to the token +URL. | `scopes` | `array (string)` @@ -3533,7 +3956,8 @@ Required:: Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +`clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. -- Type:: @@ -3580,7 +4004,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3612,7 +4042,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3623,7 +4059,8 @@ Required:: Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +`clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. -- Type:: @@ -3644,7 +4081,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3740,7 +4183,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3772,7 +4221,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3830,7 +4285,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3862,7 +4323,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3894,7 +4361,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -3987,7 +4460,10 @@ Type:: Description:: + -- -The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the PagerDuty integration key (when using +Events API v2). Either this field or `serviceKey` needs to be defined. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -4016,7 +4492,11 @@ Required:: Description:: + -- -The secret's key that contains the PagerDuty service key (when using integration type "Prometheus"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the PagerDuty service key (when using +integration type "Prometheus"). Either this field or `routingKey` needs to +be defined. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -4058,7 +4538,8 @@ Type:: Description:: + -- -PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config +PushoverConfig configures notifications via Pushover. +See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config -- Type:: @@ -4077,7 +4558,8 @@ Type:: | `expire` | `string` -| How long your notification will continue to be retried for, unless the user acknowledges the notification. +| How long your notification will continue to be retried for, unless the user +acknowledges the notification. | `html` | `boolean` @@ -4097,7 +4579,8 @@ Type:: | `retry` | `string` -| How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds. +| How often the Pushover servers will send the same notification to the user. +Must be at least 30 seconds. | `sendResolved` | `boolean` @@ -4113,11 +4596,20 @@ Type:: | `token` | `object` -| The secret's key that contains the registered application's API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either `token` or `tokenFile` is required. +| The secret's key that contains the registered application's API token, see https://pushover.net/apps. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. +Either `token` or `tokenFile` is required. | `tokenFile` | `string` -| The token file that contains the registered application's API token, see https://pushover.net/apps. Either `token` or `tokenFile` is required. It requires Alertmanager >= v0.26.0. +| The token file that contains the registered application's API token, see https://pushover.net/apps. +Either `token` or `tokenFile` is required. +It requires Alertmanager >= v0.26.0. + +| `ttl` +| `string` +| The time to live definition for the alert notification | `url` | `string` @@ -4129,11 +4621,16 @@ Type:: | `userKey` | `object` -| The secret's key that contains the recipient user's user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either `userKey` or `userKeyFile` is required. +| The secret's key that contains the recipient user's user key. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. +Either `userKey` or `userKeyFile` is required. | `userKeyFile` | `string` -| The user key file that contains the recipient user's user key. Either `userKey` or `userKeyFile` is required. It requires Alertmanager >= v0.26.0. +| The user key file that contains the recipient user's user key. +Either `userKey` or `userKeyFile` is required. +It requires Alertmanager >= v0.26.0. |=== === .spec.receivers[].pushoverConfigs[].httpConfig @@ -4155,15 +4652,20 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +| Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +| BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `followRedirects` | `boolean` @@ -4186,7 +4688,8 @@ Type:: Description:: + -- -Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- Type:: @@ -4205,9 +4708,13 @@ Type:: | `type` | `string` -| Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" +| Defines the authentication type. The value is case-insensitive. + + +"Basic" is not a supported value. + + +Default: "Bearer" |=== === .spec.receivers[].pushoverConfigs[].httpConfig.authorization.credentials @@ -4235,7 +4742,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -4246,7 +4759,8 @@ Required:: Description:: + -- -BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- Type:: @@ -4261,18 +4775,21 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for authentication. +| `password` specifies a key of a Secret containing the password for +authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for authentication. +| `username` specifies a key of a Secret containing the username for +authentication. |=== === .spec.receivers[].pushoverConfigs[].httpConfig.basicAuth.password Description:: + -- -`password` specifies a key of a Secret containing the password for authentication. +`password` specifies a key of a Secret containing the password for +authentication. -- Type:: @@ -4293,7 +4810,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -4304,7 +4827,8 @@ Required:: Description:: + -- -`username` specifies a key of a Secret containing the username for authentication. +`username` specifies a key of a Secret containing the username for +authentication. -- Type:: @@ -4325,7 +4849,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -4336,7 +4866,10 @@ Required:: Description:: + -- -The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -4384,15 +4917,18 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +| `clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +| `clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token URL. +| `endpointParams` configures the HTTP parameters to append to the token +URL. | `scopes` | `array (string)` @@ -4407,7 +4943,8 @@ Required:: Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +`clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. -- Type:: @@ -4454,7 +4991,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -4486,7 +5029,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -4497,7 +5046,8 @@ Required:: Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +`clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. -- Type:: @@ -4518,7 +5068,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -4614,7 +5170,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -4646,7 +5208,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -4704,7 +5272,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -4736,7 +5310,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -4768,7 +5348,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -4779,7 +5365,10 @@ Required:: Description:: + -- -The secret's key that contains the registered application's API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either `token` or `tokenFile` is required. +The secret's key that contains the registered application's API token, see https://pushover.net/apps. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. +Either `token` or `tokenFile` is required. -- Type:: @@ -4808,7 +5397,10 @@ Required:: Description:: + -- -The secret's key that contains the recipient user's user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either `userKey` or `userKeyFile` is required. +The secret's key that contains the recipient user's user key. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. +Either `userKey` or `userKeyFile` is required. -- Type:: @@ -4850,7 +5442,8 @@ Type:: Description:: + -- -SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config +SlackConfig configures notifications via Slack. +See https://prometheus.io/docs/alerting/latest/configuration/#slack_config -- Type:: @@ -4869,11 +5462,16 @@ Type:: | `actions[]` | `object` -| SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information. +| SlackAction configures a single Slack action that is sent with each +notification. +See https://api.slack.com/docs/message-attachments#action_fields and +https://api.slack.com/docs/message-buttons for more information. | `apiURL` | `object` -| The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the Slack webhook URL. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `callbackId` | `string` @@ -4897,7 +5495,10 @@ Type:: | `fields[]` | `object` -| SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information. +| SlackField configures a single Slack field that is sent with each notification. +Each field must contain a title, value, and optionally, a boolean value to indicate if the field +is short enough to be displayed next to other fields designated as short. +See https://api.slack.com/docs/message-attachments#fields for more information. | `footer` | `string` @@ -4977,7 +5578,10 @@ Type:: Description:: + -- -SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information. +SlackAction configures a single Slack action that is sent with each +notification. +See https://api.slack.com/docs/message-attachments#action_fields and +https://api.slack.com/docs/message-buttons for more information. -- Type:: @@ -4995,7 +5599,11 @@ Required:: | `confirm` | `object` -| SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information. +| SlackConfirmationField protect users from destructive actions or +particularly distinguished decisions by asking them to confirm their button +click one more time. +See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields +for more information. | `name` | `string` @@ -5026,7 +5634,11 @@ Required:: Description:: + -- -SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information. +SlackConfirmationField protect users from destructive actions or +particularly distinguished decisions by asking them to confirm their button +click one more time. +See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields +for more information. -- Type:: @@ -5062,7 +5674,9 @@ Required:: Description:: + -- -The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the Slack webhook URL. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -5104,7 +5718,10 @@ Type:: Description:: + -- -SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information. +SlackField configures a single Slack field that is sent with each notification. +Each field must contain a title, value, and optionally, a boolean value to indicate if the field +is short enough to be displayed next to other fields designated as short. +See https://api.slack.com/docs/message-attachments#fields for more information. -- Type:: @@ -5152,15 +5769,20 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +| Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +| BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `followRedirects` | `boolean` @@ -5183,7 +5805,8 @@ Type:: Description:: + -- -Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- Type:: @@ -5202,9 +5825,13 @@ Type:: | `type` | `string` -| Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" +| Defines the authentication type. The value is case-insensitive. + + +"Basic" is not a supported value. + + +Default: "Bearer" |=== === .spec.receivers[].slackConfigs[].httpConfig.authorization.credentials @@ -5232,7 +5859,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5243,7 +5876,8 @@ Required:: Description:: + -- -BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- Type:: @@ -5258,18 +5892,21 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for authentication. +| `password` specifies a key of a Secret containing the password for +authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for authentication. +| `username` specifies a key of a Secret containing the username for +authentication. |=== === .spec.receivers[].slackConfigs[].httpConfig.basicAuth.password Description:: + -- -`password` specifies a key of a Secret containing the password for authentication. +`password` specifies a key of a Secret containing the password for +authentication. -- Type:: @@ -5290,7 +5927,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5301,7 +5944,8 @@ Required:: Description:: + -- -`username` specifies a key of a Secret containing the username for authentication. +`username` specifies a key of a Secret containing the username for +authentication. -- Type:: @@ -5322,7 +5966,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5333,7 +5983,10 @@ Required:: Description:: + -- -The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -5381,15 +6034,18 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +| `clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +| `clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token URL. +| `endpointParams` configures the HTTP parameters to append to the token +URL. | `scopes` | `array (string)` @@ -5404,7 +6060,8 @@ Required:: Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +`clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. -- Type:: @@ -5451,7 +6108,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5483,7 +6146,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5494,7 +6163,8 @@ Required:: Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +`clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. -- Type:: @@ -5515,7 +6185,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5611,7 +6287,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5643,7 +6325,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5701,7 +6389,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5733,7 +6427,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5765,7 +6465,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5789,7 +6495,8 @@ Type:: Description:: + -- -SNSConfig configures notifications via AWS SNS. See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs +SNSConfig configures notifications via AWS SNS. +See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs -- Type:: @@ -5804,7 +6511,8 @@ Type:: | `apiURL` | `string` -| The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. If not specified, the SNS API URL from the SNS SDK will be used. +| The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. +If not specified, the SNS API URL from the SNS SDK will be used. | `attributes` | `object (string)` @@ -5820,7 +6528,8 @@ Type:: | `phoneNumber` | `string` -| Phone number if message is delivered via SMS in E.164 format. If you don't specify this value, you must specify a value for the TopicARN or TargetARN. +| Phone number if message is delivered via SMS in E.164 format. +If you don't specify this value, you must specify a value for the TopicARN or TargetARN. | `sendResolved` | `boolean` @@ -5836,11 +6545,13 @@ Type:: | `targetARN` | `string` -| The mobile platform endpoint ARN if message is delivered via mobile notifications. If you don't specify this value, you must specify a value for the topic_arn or PhoneNumber. +| The mobile platform endpoint ARN if message is delivered via mobile notifications. +If you don't specify this value, you must specify a value for the topic_arn or PhoneNumber. | `topicARN` | `string` -| SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic If you don't specify this value, you must specify a value for the PhoneNumber or TargetARN. +| SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic +If you don't specify this value, you must specify a value for the PhoneNumber or TargetARN. |=== === .spec.receivers[].snsConfigs[].httpConfig @@ -5862,15 +6573,20 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +| Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +| BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `followRedirects` | `boolean` @@ -5893,7 +6609,8 @@ Type:: Description:: + -- -Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- Type:: @@ -5912,9 +6629,13 @@ Type:: | `type` | `string` -| Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" +| Defines the authentication type. The value is case-insensitive. + + +"Basic" is not a supported value. + + +Default: "Bearer" |=== === .spec.receivers[].snsConfigs[].httpConfig.authorization.credentials @@ -5942,7 +6663,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -5953,7 +6680,8 @@ Required:: Description:: + -- -BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- Type:: @@ -5968,18 +6696,21 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for authentication. +| `password` specifies a key of a Secret containing the password for +authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for authentication. +| `username` specifies a key of a Secret containing the username for +authentication. |=== === .spec.receivers[].snsConfigs[].httpConfig.basicAuth.password Description:: + -- -`password` specifies a key of a Secret containing the password for authentication. +`password` specifies a key of a Secret containing the password for +authentication. -- Type:: @@ -6000,7 +6731,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -6011,7 +6748,8 @@ Required:: Description:: + -- -`username` specifies a key of a Secret containing the username for authentication. +`username` specifies a key of a Secret containing the username for +authentication. -- Type:: @@ -6032,7 +6770,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -6043,7 +6787,10 @@ Required:: Description:: + -- -The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -6091,15 +6838,18 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +| `clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +| `clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token URL. +| `endpointParams` configures the HTTP parameters to append to the token +URL. | `scopes` | `array (string)` @@ -6114,7 +6864,8 @@ Required:: Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +`clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. -- Type:: @@ -6161,7 +6912,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -6193,7 +6950,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -6204,7 +6967,8 @@ Required:: Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +`clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. -- Type:: @@ -6225,7 +6989,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -6321,7 +7091,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -6353,7 +7129,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -6411,7 +7193,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -6443,7 +7231,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -6475,7 +7269,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -6501,7 +7301,8 @@ Type:: | `accessKey` | `object` -| AccessKey is the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used. +| AccessKey is the AWS API key. If not specified, the environment variable +`AWS_ACCESS_KEY_ID` is used. | `profile` | `string` @@ -6517,14 +7318,16 @@ Type:: | `secretKey` | `object` -| SecretKey is the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used. +| SecretKey is the AWS API secret. If not specified, the environment +variable `AWS_SECRET_ACCESS_KEY` is used. |=== === .spec.receivers[].snsConfigs[].sigv4.accessKey Description:: + -- -AccessKey is the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used. +AccessKey is the AWS API key. If not specified, the environment variable +`AWS_ACCESS_KEY_ID` is used. -- Type:: @@ -6545,7 +7348,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -6556,7 +7365,8 @@ Required:: Description:: + -- -SecretKey is the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used. +SecretKey is the AWS API secret. If not specified, the environment +variable `AWS_SECRET_ACCESS_KEY` is used. -- Type:: @@ -6577,7 +7387,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -6601,7 +7417,8 @@ Type:: Description:: + -- -TelegramConfig configures notifications via Telegram. See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config +TelegramConfig configures notifications via Telegram. +See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config -- Type:: @@ -6616,17 +7433,25 @@ Type:: | `apiURL` | `string` -| The Telegram API URL i.e. https://api.telegram.org. If not specified, default API URL will be used. +| The Telegram API URL i.e. https://api.telegram.org. +If not specified, default API URL will be used. | `botToken` | `object` -| Telegram bot token. It is mutually exclusive with `botTokenFile`. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - Either `botToken` or `botTokenFile` is required. +| Telegram bot token. It is mutually exclusive with `botTokenFile`. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. + + +Either `botToken` or `botTokenFile` is required. | `botTokenFile` | `string` -| File to read the Telegram bot token from. It is mutually exclusive with `botToken`. Either `botToken` or `botTokenFile` is required. - It requires Alertmanager >= v0.26.0. +| File to read the Telegram bot token from. It is mutually exclusive with `botToken`. +Either `botToken` or `botTokenFile` is required. + + +It requires Alertmanager >= v0.26.0. | `chatID` | `integer` @@ -6657,8 +7482,12 @@ Type:: Description:: + -- -Telegram bot token. It is mutually exclusive with `botTokenFile`. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - Either `botToken` or `botTokenFile` is required. +Telegram bot token. It is mutually exclusive with `botTokenFile`. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. + + +Either `botToken` or `botTokenFile` is required. -- Type:: @@ -6702,15 +7531,20 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +| Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +| BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `followRedirects` | `boolean` @@ -6733,7 +7567,8 @@ Type:: Description:: + -- -Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- Type:: @@ -6752,9 +7587,13 @@ Type:: | `type` | `string` -| Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" +| Defines the authentication type. The value is case-insensitive. + + +"Basic" is not a supported value. + + +Default: "Bearer" |=== === .spec.receivers[].telegramConfigs[].httpConfig.authorization.credentials @@ -6782,7 +7621,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -6793,7 +7638,8 @@ Required:: Description:: + -- -BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- Type:: @@ -6808,18 +7654,21 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for authentication. +| `password` specifies a key of a Secret containing the password for +authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for authentication. +| `username` specifies a key of a Secret containing the username for +authentication. |=== === .spec.receivers[].telegramConfigs[].httpConfig.basicAuth.password Description:: + -- -`password` specifies a key of a Secret containing the password for authentication. +`password` specifies a key of a Secret containing the password for +authentication. -- Type:: @@ -6840,7 +7689,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -6851,7 +7706,8 @@ Required:: Description:: + -- -`username` specifies a key of a Secret containing the username for authentication. +`username` specifies a key of a Secret containing the username for +authentication. -- Type:: @@ -6872,7 +7728,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -6883,7 +7745,10 @@ Required:: Description:: + -- -The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -6931,15 +7796,18 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +| `clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +| `clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token URL. +| `endpointParams` configures the HTTP parameters to append to the token +URL. | `scopes` | `array (string)` @@ -6954,7 +7822,8 @@ Required:: Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +`clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. -- Type:: @@ -7001,7 +7870,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -7033,7 +7908,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -7044,7 +7925,8 @@ Required:: Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +`clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. -- Type:: @@ -7065,7 +7947,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -7161,7 +8049,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -7193,7 +8087,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -7251,7 +8151,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -7283,7 +8189,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -7315,7 +8227,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -7339,7 +8257,8 @@ Type:: Description:: + -- -VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config +VictorOpsConfig configures notifications via VictorOps. +See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config -- Type:: @@ -7354,7 +8273,9 @@ Type:: | `apiKey` | `object` -| The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the API key to use when talking to the VictorOps API. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `apiUrl` | `string` @@ -7401,7 +8322,9 @@ Type:: Description:: + -- -The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the API key to use when talking to the VictorOps API. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -7487,15 +8410,20 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +| Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +| BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `followRedirects` | `boolean` @@ -7518,7 +8446,8 @@ Type:: Description:: + -- -Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- Type:: @@ -7537,9 +8466,13 @@ Type:: | `type` | `string` -| Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" +| Defines the authentication type. The value is case-insensitive. + + +"Basic" is not a supported value. + + +Default: "Bearer" |=== === .spec.receivers[].victoropsConfigs[].httpConfig.authorization.credentials @@ -7567,7 +8500,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -7578,7 +8517,8 @@ Required:: Description:: + -- -BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- Type:: @@ -7593,18 +8533,21 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for authentication. +| `password` specifies a key of a Secret containing the password for +authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for authentication. +| `username` specifies a key of a Secret containing the username for +authentication. |=== === .spec.receivers[].victoropsConfigs[].httpConfig.basicAuth.password Description:: + -- -`password` specifies a key of a Secret containing the password for authentication. +`password` specifies a key of a Secret containing the password for +authentication. -- Type:: @@ -7625,7 +8568,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -7636,7 +8585,8 @@ Required:: Description:: + -- -`username` specifies a key of a Secret containing the username for authentication. +`username` specifies a key of a Secret containing the username for +authentication. -- Type:: @@ -7657,7 +8607,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -7668,7 +8624,10 @@ Required:: Description:: + -- -The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -7716,15 +8675,18 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +| `clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +| `clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token URL. +| `endpointParams` configures the HTTP parameters to append to the token +URL. | `scopes` | `array (string)` @@ -7739,7 +8701,8 @@ Required:: Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +`clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. -- Type:: @@ -7786,7 +8749,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -7818,7 +8787,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -7829,7 +8804,8 @@ Required:: Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +`clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. -- Type:: @@ -7850,7 +8826,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -7946,7 +8928,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -7978,7 +8966,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8036,7 +9030,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8068,7 +9068,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8100,7 +9106,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8124,7 +9136,8 @@ Type:: Description:: + -- -WebexConfig configures notification via Cisco Webex See https://prometheus.io/docs/alerting/latest/configuration/#webex_config +WebexConfig configures notification via Cisco Webex +See https://prometheus.io/docs/alerting/latest/configuration/#webex_config -- Type:: @@ -8145,7 +9158,8 @@ Required:: | `httpConfig` | `object` -| The HTTP client's configuration. You must use this configuration to supply the bot token as part of the HTTP `Authorization` header. +| The HTTP client's configuration. +You must use this configuration to supply the bot token as part of the HTTP `Authorization` header. | `message` | `string` @@ -8164,7 +9178,8 @@ Required:: Description:: + -- -The HTTP client's configuration. You must use this configuration to supply the bot token as part of the HTTP `Authorization` header. +The HTTP client's configuration. +You must use this configuration to supply the bot token as part of the HTTP `Authorization` header. -- Type:: @@ -8179,15 +9194,20 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +| Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +| BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `followRedirects` | `boolean` @@ -8210,7 +9230,8 @@ Type:: Description:: + -- -Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- Type:: @@ -8229,9 +9250,13 @@ Type:: | `type` | `string` -| Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" +| Defines the authentication type. The value is case-insensitive. + + +"Basic" is not a supported value. + + +Default: "Bearer" |=== === .spec.receivers[].webexConfigs[].httpConfig.authorization.credentials @@ -8259,7 +9284,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8270,7 +9301,8 @@ Required:: Description:: + -- -BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- Type:: @@ -8285,18 +9317,21 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for authentication. +| `password` specifies a key of a Secret containing the password for +authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for authentication. +| `username` specifies a key of a Secret containing the username for +authentication. |=== === .spec.receivers[].webexConfigs[].httpConfig.basicAuth.password Description:: + -- -`password` specifies a key of a Secret containing the password for authentication. +`password` specifies a key of a Secret containing the password for +authentication. -- Type:: @@ -8317,7 +9352,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8328,7 +9369,8 @@ Required:: Description:: + -- -`username` specifies a key of a Secret containing the username for authentication. +`username` specifies a key of a Secret containing the username for +authentication. -- Type:: @@ -8349,7 +9391,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8360,7 +9408,10 @@ Required:: Description:: + -- -The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -8408,15 +9459,18 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +| `clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +| `clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token URL. +| `endpointParams` configures the HTTP parameters to append to the token +URL. | `scopes` | `array (string)` @@ -8431,7 +9485,8 @@ Required:: Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +`clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. -- Type:: @@ -8478,7 +9533,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8510,7 +9571,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8521,7 +9588,8 @@ Required:: Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +`clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. -- Type:: @@ -8542,7 +9610,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8638,7 +9712,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8670,7 +9750,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8728,7 +9814,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8760,7 +9852,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8792,7 +9890,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8816,7 +9920,8 @@ Type:: Description:: + -- -WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config +WebhookConfig configures notifications via a generic receiver supporting the webhook payload. +See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config -- Type:: @@ -8843,11 +9948,16 @@ Type:: | `url` | `string` -| The URL to send HTTP POST requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. +| The URL to send HTTP POST requests to. `urlSecret` takes precedence over +`url`. One of `urlSecret` and `url` should be defined. | `urlSecret` | `object` -| The secret's key that contains the webhook URL to send HTTP requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the webhook URL to send HTTP requests to. +`urlSecret` takes precedence over `url`. One of `urlSecret` and `url` +should be defined. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. |=== === .spec.receivers[].webhookConfigs[].httpConfig @@ -8869,15 +9979,20 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +| Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +| BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `followRedirects` | `boolean` @@ -8900,7 +10015,8 @@ Type:: Description:: + -- -Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- Type:: @@ -8919,9 +10035,13 @@ Type:: | `type` | `string` -| Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" +| Defines the authentication type. The value is case-insensitive. + + +"Basic" is not a supported value. + + +Default: "Bearer" |=== === .spec.receivers[].webhookConfigs[].httpConfig.authorization.credentials @@ -8949,7 +10069,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -8960,7 +10086,8 @@ Required:: Description:: + -- -BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- Type:: @@ -8975,18 +10102,21 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for authentication. +| `password` specifies a key of a Secret containing the password for +authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for authentication. +| `username` specifies a key of a Secret containing the username for +authentication. |=== === .spec.receivers[].webhookConfigs[].httpConfig.basicAuth.password Description:: + -- -`password` specifies a key of a Secret containing the password for authentication. +`password` specifies a key of a Secret containing the password for +authentication. -- Type:: @@ -9007,7 +10137,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -9018,7 +10154,8 @@ Required:: Description:: + -- -`username` specifies a key of a Secret containing the username for authentication. +`username` specifies a key of a Secret containing the username for +authentication. -- Type:: @@ -9039,7 +10176,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -9050,7 +10193,10 @@ Required:: Description:: + -- -The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -9098,15 +10244,18 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +| `clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +| `clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token URL. +| `endpointParams` configures the HTTP parameters to append to the token +URL. | `scopes` | `array (string)` @@ -9121,7 +10270,8 @@ Required:: Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +`clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. -- Type:: @@ -9168,7 +10318,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -9200,7 +10356,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -9211,7 +10373,8 @@ Required:: Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +`clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. -- Type:: @@ -9232,7 +10395,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -9328,7 +10497,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -9360,7 +10535,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -9418,7 +10599,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -9450,7 +10637,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -9482,7 +10675,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -9493,7 +10692,11 @@ Required:: Description:: + -- -The secret's key that contains the webhook URL to send HTTP requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the webhook URL to send HTTP requests to. +`urlSecret` takes precedence over `url`. One of `urlSecret` and `url` +should be defined. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -9535,7 +10738,8 @@ Type:: Description:: + -- -WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config +WeChatConfig configures notifications via WeChat. +See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config -- Type:: @@ -9554,7 +10758,9 @@ Type:: | `apiSecret` | `object` -| The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the WeChat API key. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `apiURL` | `string` @@ -9597,7 +10803,9 @@ Type:: Description:: + -- -The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the WeChat API key. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -9641,15 +10849,20 @@ Type:: | `authorization` | `object` -| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +| Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. | `basicAuth` | `object` -| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +| BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. | `bearerTokenSecret` | `object` -| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +| The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. | `followRedirects` | `boolean` @@ -9672,7 +10885,8 @@ Type:: Description:: + -- -Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. +Authorization header configuration for the client. +This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. -- Type:: @@ -9691,9 +10905,13 @@ Type:: | `type` | `string` -| Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" +| Defines the authentication type. The value is case-insensitive. + + +"Basic" is not a supported value. + + +Default: "Bearer" |=== === .spec.receivers[].wechatConfigs[].httpConfig.authorization.credentials @@ -9721,7 +10939,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -9732,7 +10956,8 @@ Required:: Description:: + -- -BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. +BasicAuth for the client. +This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. -- Type:: @@ -9747,18 +10972,21 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for authentication. +| `password` specifies a key of a Secret containing the password for +authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for authentication. +| `username` specifies a key of a Secret containing the username for +authentication. |=== === .spec.receivers[].wechatConfigs[].httpConfig.basicAuth.password Description:: + -- -`password` specifies a key of a Secret containing the password for authentication. +`password` specifies a key of a Secret containing the password for +authentication. -- Type:: @@ -9779,7 +11007,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -9790,7 +11024,8 @@ Required:: Description:: + -- -`username` specifies a key of a Secret containing the username for authentication. +`username` specifies a key of a Secret containing the username for +authentication. -- Type:: @@ -9811,7 +11046,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -9822,7 +11063,10 @@ Required:: Description:: + -- -The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. +The secret's key that contains the bearer token to be used by the client +for authentication. +The secret needs to be in the same namespace as the AlertmanagerConfig +object and accessible by the Prometheus Operator. -- Type:: @@ -9870,15 +11114,18 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +| `clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +| `clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token URL. +| `endpointParams` configures the HTTP parameters to append to the token +URL. | `scopes` | `array (string)` @@ -9893,7 +11140,8 @@ Required:: Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +`clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. -- Type:: @@ -9940,7 +11188,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -9972,7 +11226,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -9983,7 +11243,8 @@ Required:: Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +`clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. -- Type:: @@ -10004,7 +11265,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -10100,7 +11367,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -10132,7 +11405,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -10190,7 +11469,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -10222,7 +11507,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -10254,7 +11545,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -10265,7 +11562,9 @@ Required:: Description:: + -- -The Alertmanager route definition for alerts matching the resource's namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. +The Alertmanager route definition for alerts matching the resource's +namespace. If present, it will be added to the generated Alertmanager +configuration as a first-level route. -- Type:: @@ -10284,23 +11583,34 @@ Type:: | `continue` | `boolean` -| Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator. +| Boolean indicating whether an alert should continue matching subsequent +sibling nodes. It will always be overridden to true for the first-level +route by the Prometheus operator. | `groupBy` | `array (string)` -| List of labels to group by. Labels must not be repeated (unique list). Special label "..." (aggregate by all possible labels), if provided, must be the only element in the list. +| List of labels to group by. +Labels must not be repeated (unique list). +Special label "..." (aggregate by all possible labels), if provided, must be the only element in the list. | `groupInterval` | `string` -| How long to wait before sending an updated notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: "5m" +| How long to wait before sending an updated notification. +Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` +Example: "5m" | `groupWait` | `string` -| How long to wait before sending the initial notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: "30s" +| How long to wait before sending the initial notification. +Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` +Example: "30s" | `matchers` | `array` -| List of matchers that the alert's labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher. +| List of matchers that the alert's labels should match. For the first +level route, the operator removes any existing equality and regexp +matcher on the `namespace` label and adds a `namespace: ` matcher. | `matchers[]` | `object` @@ -10308,15 +11618,25 @@ Type:: | `muteTimeIntervals` | `array (string)` -| Note: this comment applies to the field definition above but appears below otherwise it gets included in the generated manifest. CRD schema doesn't support self-referential types for now (see https://github.com/kubernetes/kubernetes/issues/62872). We have to use an alternative type to circumvent the limitation. The downside is that the Kube API can't validate the data beyond the fact that it is a valid JSON representation. MuteTimeIntervals is a list of TimeInterval names that will mute this route when matched. +| Note: this comment applies to the field definition above but appears +below otherwise it gets included in the generated manifest. +CRD schema doesn't support self-referential types for now (see +https://github.com/kubernetes/kubernetes/issues/62872). We have to use +an alternative type to circumvent the limitation. The downside is that +the Kube API can't validate the data beyond the fact that it is a valid +JSON representation. +MuteTimeIntervals is a list of TimeInterval names that will mute this route when matched. | `receiver` | `string` -| Name of the receiver for this route. If not empty, it should be listed in the `receivers` field. +| Name of the receiver for this route. If not empty, it should be listed in +the `receivers` field. | `repeatInterval` | `string` -| How long to wait before repeating the last notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: "4h" +| How long to wait before repeating the last notification. +Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` +Example: "4h" | `routes` | `array (undefined)` @@ -10327,7 +11647,10 @@ Type:: Description:: + -- -List of matchers that the alert's labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher. +List of matchers that the alert's labels should match. For the first +level route, the operator removes any existing equality and regexp +matcher on the `namespace` label and adds a `namespace: ` matcher. -- Type:: @@ -10357,7 +11680,9 @@ Required:: | `matchType` | `string` -| Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex match) or `!~` (not regex match). Negative operators (`!=` and `!~`) require Alertmanager >= v0.22.0. +| Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex +match) or `!~` (not regex match). +Negative operators (`!=` and `!~`) require Alertmanager >= v0.22.0. | `name` | `string` diff --git a/rest_api/monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc b/rest_api/monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc new file mode 100644 index 0000000000..f12cbc4c8f --- /dev/null +++ b/rest_api/monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc @@ -0,0 +1,840 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="datagather-insights-openshift-io-v1alpha1"] += DataGather [insights.openshift.io/v1alpha1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +DataGather provides data gather configuration options and status for the particular Insights data gathering. + Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + +Type:: + `object` + +Required:: + - `spec` + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `spec` +| `object` +| spec holds user settable values for configuration + +| `status` +| `object` +| status holds observed values from the cluster. They may not be overridden. + +|=== +=== .spec +Description:: ++ +-- +spec holds user settable values for configuration +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `dataPolicy` +| `string` +| dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are "ClearText" and "ObfuscateNetworking". When set to ClearText the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is ClearText. + +| `gatherers` +| `array` +| gatherers is a list of gatherers configurations. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: "oc get insightsoperators.operator.openshift.io cluster -o json \| jq '.status.gatherStatus.gatherers[].name'" + +| `gatherers[]` +| `object` +| gathererConfig allows to configure specific gatherers + +|=== +=== .spec.gatherers +Description:: ++ +-- +gatherers is a list of gatherers configurations. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: "oc get insightsoperators.operator.openshift.io cluster -o json \| jq '.status.gatherStatus.gatherers[].name'" +-- + +Type:: + `array` + + + + +=== .spec.gatherers[] +Description:: ++ +-- +gathererConfig allows to configure specific gatherers +-- + +Type:: + `object` + +Required:: + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| name is the name of specific gatherer + +| `state` +| `string` +| state allows you to configure specific gatherer. Valid values are "Enabled", "Disabled" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default. The current default is Enabled. + +|=== +=== .status +Description:: ++ +-- +status holds observed values from the cluster. They may not be overridden. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| conditions provide details on the status of the gatherer job. + +| `conditions[]` +| `object` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } + +| `dataGatherState` +| `string` +| dataGatherState reflects the current state of the data gathering process. + +| `finishTime` +| `string` +| finishTime is the time when Insights data gathering finished. + +| `gatherers` +| `array` +| gatherers is a list of active gatherers (and their statuses) in the last gathering. + +| `gatherers[]` +| `object` +| gathererStatus represents information about a particular data gatherer. + +| `insightsReport` +| `object` +| insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by "insightsRequestID") is not available. + +| `insightsRequestID` +| `string` +| insightsRequestID is an Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive. + +| `relatedObjects` +| `array` +| relatedObjects is a list of resources which are useful when debugging or inspecting the data gathering Pod + +| `relatedObjects[]` +| `object` +| ObjectReference contains enough information to let you inspect or modify the referred object. + +| `startTime` +| `string` +| startTime is the time when Insights data gathering started. + +|=== +=== .status.conditions +Description:: ++ +-- +conditions provide details on the status of the gatherer job. +-- + +Type:: + `array` + + + + +=== .status.conditions[] +Description:: ++ +-- +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `message` + - `reason` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + +| `message` +| `string` +| message is a human readable message indicating details about the transition. This may be an empty string. + +| `observedGeneration` +| `integer` +| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + +| `reason` +| `string` +| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + +| `status` +| `string` +| status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + +|=== +=== .status.gatherers +Description:: ++ +-- +gatherers is a list of active gatherers (and their statuses) in the last gathering. +-- + +Type:: + `array` + + + + +=== .status.gatherers[] +Description:: ++ +-- +gathererStatus represents information about a particular data gatherer. +-- + +Type:: + `object` + +Required:: + - `conditions` + - `lastGatherDuration` + - `name` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `conditions` +| `array` +| conditions provide details on the status of each gatherer. + +| `conditions[]` +| `object` +| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } + +| `lastGatherDuration` +| `string` +| lastGatherDuration represents the time spent gathering. + +| `name` +| `string` +| name is the name of the gatherer. + +|=== +=== .status.gatherers[].conditions +Description:: ++ +-- +conditions provide details on the status of each gatherer. +-- + +Type:: + `array` + + + + +=== .status.gatherers[].conditions[] +Description:: ++ +-- +Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + // other fields } +-- + +Type:: + `object` + +Required:: + - `lastTransitionTime` + - `message` + - `reason` + - `status` + - `type` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `lastTransitionTime` +| `string` +| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + +| `message` +| `string` +| message is a human readable message indicating details about the transition. This may be an empty string. + +| `observedGeneration` +| `integer` +| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + +| `reason` +| `string` +| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + +| `status` +| `string` +| status of the condition, one of True, False, Unknown. + +| `type` +| `string` +| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + +|=== +=== .status.insightsReport +Description:: ++ +-- +insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by "insightsRequestID") is not available. +-- + +Type:: + `object` + + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `downloadedAt` +| `string` +| downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled). + +| `healthChecks` +| `array` +| healthChecks provides basic information about active Insights health checks in a cluster. + +| `healthChecks[]` +| `object` +| healthCheck represents an Insights health check attributes. + +| `uri` +| `string` +| uri provides the URL link from which the report was downloaded. + +|=== +=== .status.insightsReport.healthChecks +Description:: ++ +-- +healthChecks provides basic information about active Insights health checks in a cluster. +-- + +Type:: + `array` + + + + +=== .status.insightsReport.healthChecks[] +Description:: ++ +-- +healthCheck represents an Insights health check attributes. +-- + +Type:: + `object` + +Required:: + - `advisorURI` + - `description` + - `state` + - `totalRisk` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `advisorURI` +| `string` +| advisorURI provides the URL link to the Insights Advisor. + +| `description` +| `string` +| description provides basic description of the healtcheck. + +| `state` +| `string` +| state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface. + +| `totalRisk` +| `integer` +| totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue. + +|=== +=== .status.relatedObjects +Description:: ++ +-- +relatedObjects is a list of resources which are useful when debugging or inspecting the data gathering Pod +-- + +Type:: + `array` + + + + +=== .status.relatedObjects[] +Description:: ++ +-- +ObjectReference contains enough information to let you inspect or modify the referred object. +-- + +Type:: + `object` + +Required:: + - `group` + - `name` + - `resource` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `group` +| `string` +| group is the API Group of the Resource. Enter empty string for the core group. This value should consist of only lowercase alphanumeric characters, hyphens and periods. Example: "", "apps", "build.openshift.io", etc. + +| `name` +| `string` +| name of the referent. + +| `namespace` +| `string` +| namespace of the referent. + +| `resource` +| `string` +| resource is the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: "deployments", "deploymentconfigs", "pods", etc. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/insights.openshift.io/v1alpha1/datagathers` +- `DELETE`: delete collection of DataGather +- `GET`: list objects of kind DataGather +- `POST`: create a DataGather +* `/apis/insights.openshift.io/v1alpha1/datagathers/{name}` +- `DELETE`: delete a DataGather +- `GET`: read the specified DataGather +- `PATCH`: partially update the specified DataGather +- `PUT`: replace the specified DataGather +* `/apis/insights.openshift.io/v1alpha1/datagathers/{name}/status` +- `GET`: read status of the specified DataGather +- `PATCH`: partially update status of the specified DataGather +- `PUT`: replace status of the specified DataGather + + +=== /apis/insights.openshift.io/v1alpha1/datagathers + + + +HTTP method:: + `DELETE` + +Description:: + delete collection of DataGather + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + list objects of kind DataGather + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.openshift.insights.v1alpha1.DataGatherList[`DataGatherList`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `POST` + +Description:: + create a DataGather + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc#datagather-insights-openshift-io-v1alpha1[`DataGather`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc#datagather-insights-openshift-io-v1alpha1[`DataGather`] schema +| 201 - Created +| xref:../monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc#datagather-insights-openshift-io-v1alpha1[`DataGather`] schema +| 202 - Accepted +| xref:../monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc#datagather-insights-openshift-io-v1alpha1[`DataGather`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/insights.openshift.io/v1alpha1/datagathers/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the DataGather +|=== + + +HTTP method:: + `DELETE` + +Description:: + delete a DataGather + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 202 - Accepted +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `GET` + +Description:: + read the specified DataGather + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc#datagather-insights-openshift-io-v1alpha1[`DataGather`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update the specified DataGather + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc#datagather-insights-openshift-io-v1alpha1[`DataGather`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace the specified DataGather + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc#datagather-insights-openshift-io-v1alpha1[`DataGather`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc#datagather-insights-openshift-io-v1alpha1[`DataGather`] schema +| 201 - Created +| xref:../monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc#datagather-insights-openshift-io-v1alpha1[`DataGather`] schema +| 401 - Unauthorized +| Empty +|=== + + +=== /apis/insights.openshift.io/v1alpha1/datagathers/{name}/status + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the DataGather +|=== + + +HTTP method:: + `GET` + +Description:: + read status of the specified DataGather + + + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc#datagather-insights-openshift-io-v1alpha1[`DataGather`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PATCH` + +Description:: + partially update status of the specified DataGather + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc#datagather-insights-openshift-io-v1alpha1[`DataGather`] schema +| 401 - Unauthorized +| Empty +|=== + +HTTP method:: + `PUT` + +Description:: + replace status of the specified DataGather + + +.Query parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `dryRun` +| `string` +| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed +| `fieldValidation` +| `string` +| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. +|=== + +.Body parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `body` +| xref:../monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc#datagather-insights-openshift-io-v1alpha1[`DataGather`] schema +| +|=== + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc#datagather-insights-openshift-io-v1alpha1[`DataGather`] schema +| 201 - Created +| xref:../monitoring_apis/datagather-insights-openshift-io-v1alpha1.adoc#datagather-insights-openshift-io-v1alpha1[`DataGather`] schema +| 401 - Unauthorized +| Empty +|=== + + diff --git a/rest_api/monitoring_apis/monitoring-apis-index.adoc b/rest_api/monitoring_apis/monitoring-apis-index.adoc index c4f292d80d..0fce882b35 100644 --- a/rest_api/monitoring_apis/monitoring-apis-index.adoc +++ b/rest_api/monitoring_apis/monitoring-apis-index.adoc @@ -23,7 +23,8 @@ Type:: Description:: + -- -AlertmanagerConfig configures the Prometheus Alertmanager, specifying how alerts should be grouped, inhibited and notified to external systems. +AlertmanagerConfig configures the Prometheus Alertmanager, +specifying how alerts should be grouped, inhibited and notified to external systems. -- Type:: @@ -53,6 +54,18 @@ AlertingRule represents a set of user-defined Prometheus rule groups containing Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -- +Type:: + `object` + +== DataGather [insights.openshift.io/v1alpha1] + +Description:: ++ +-- +DataGather provides data gather configuration options and status for the particular Insights data gathering. + Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +-- + Type:: `object` @@ -122,3 +135,25 @@ ThanosRuler defines a ThanosRuler deployment. Type:: `object` +== NodeMetrics [metrics.k8s.io/v1beta1] + +Description:: ++ +-- +NodeMetrics sets resource usage metrics of a node. +-- + +Type:: + `object` + +== PodMetrics [metrics.k8s.io/v1beta1] + +Description:: ++ +-- +PodMetrics sets resource usage metrics of a pod. +-- + +Type:: + `object` + diff --git a/rest_api/monitoring_apis/nodemetrics-metrics-k8s-io-v1beta1.adoc b/rest_api/monitoring_apis/nodemetrics-metrics-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..ec1f4003a9 --- /dev/null +++ b/rest_api/monitoring_apis/nodemetrics-metrics-k8s-io-v1beta1.adoc @@ -0,0 +1,115 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="nodemetrics-metrics-k8s-io-v1beta1"] += NodeMetrics [metrics.k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +NodeMetrics sets resource usage metrics of a node. +-- + +Type:: + `object` + +Required:: + - `timestamp` + - `window` + - `usage` + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `timestamp` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`] +| The following fields define time interval from which metrics were collected from the interval [Timestamp-Window, Timestamp]. + +| `usage` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] +| The memory usage is the memory working set. + +| `window` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Duration[`Duration`] +| + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/metrics.k8s.io/v1beta1/nodes` +- `GET`: list objects of kind NodeMetrics +* `/apis/metrics.k8s.io/v1beta1/nodes/{name}` +- `GET`: read the specified NodeMetrics + + +=== /apis/metrics.k8s.io/v1beta1/nodes + + + +HTTP method:: + `GET` + +Description:: + list objects of kind NodeMetrics + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.metrics.pkg.apis.metrics.v1beta1.NodeMetricsList[`NodeMetricsList`] schema +|=== + + +=== /apis/metrics.k8s.io/v1beta1/nodes/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the NodeMetrics +|=== + + +HTTP method:: + `GET` + +Description:: + read the specified NodeMetrics + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/nodemetrics-metrics-k8s-io-v1beta1.adoc#nodemetrics-metrics-k8s-io-v1beta1[`NodeMetrics`] schema +|=== + + diff --git a/rest_api/monitoring_apis/podmetrics-metrics-k8s-io-v1beta1.adoc b/rest_api/monitoring_apis/podmetrics-metrics-k8s-io-v1beta1.adoc new file mode 100644 index 0000000000..8fc69d4cd9 --- /dev/null +++ b/rest_api/monitoring_apis/podmetrics-metrics-k8s-io-v1beta1.adoc @@ -0,0 +1,183 @@ +// Automatically generated by 'openshift-apidocs-gen'. Do not edit. +:_mod-docs-content-type: ASSEMBLY +[id="podmetrics-metrics-k8s-io-v1beta1"] += PodMetrics [metrics.k8s.io/v1beta1] +:toc: macro +:toc-title: + +toc::[] + + +Description:: ++ +-- +PodMetrics sets resource usage metrics of a pod. +-- + +Type:: + `object` + +Required:: + - `timestamp` + - `window` + - `containers` + + +== Specification + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `apiVersion` +| `string` +| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + +| `containers` +| `array` +| Metrics for all containers are collected within the same time window. + +| `containers[]` +| `object` +| ContainerMetrics sets resource usage metrics of a container. + +| `kind` +| `string` +| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + +| `metadata` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`] +| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + +| `timestamp` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`] +| The following fields define time interval from which metrics were collected from the interval [Timestamp-Window, Timestamp]. + +| `window` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Duration[`Duration`] +| + +|=== +=== .containers +Description:: ++ +-- +Metrics for all containers are collected within the same time window. +-- + +Type:: + `array` + + + + +=== .containers[] +Description:: ++ +-- +ContainerMetrics sets resource usage metrics of a container. +-- + +Type:: + `object` + +Required:: + - `name` + - `usage` + + + +[cols="1,1,1",options="header"] +|=== +| Property | Type | Description + +| `name` +| `string` +| Container name corresponding to the one from pod.spec.containers. + +| `usage` +| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`] +| The memory usage is the memory working set. + +|=== + +== API endpoints + +The following API endpoints are available: + +* `/apis/metrics.k8s.io/v1beta1/pods` +- `GET`: list objects of kind PodMetrics +* `/apis/metrics.k8s.io/v1beta1/namespaces/{namespace}/pods` +- `GET`: list objects of kind PodMetrics +* `/apis/metrics.k8s.io/v1beta1/namespaces/{namespace}/pods/{name}` +- `GET`: read the specified PodMetrics + + +=== /apis/metrics.k8s.io/v1beta1/pods + + + +HTTP method:: + `GET` + +Description:: + list objects of kind PodMetrics + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.metrics.pkg.apis.metrics.v1beta1.PodMetricsList[`PodMetricsList`] schema +|=== + + +=== /apis/metrics.k8s.io/v1beta1/namespaces/{namespace}/pods + + + +HTTP method:: + `GET` + +Description:: + list objects of kind PodMetrics + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../objects/index.adoc#io.k8s.metrics.pkg.apis.metrics.v1beta1.PodMetricsList[`PodMetricsList`] schema +|=== + + +=== /apis/metrics.k8s.io/v1beta1/namespaces/{namespace}/pods/{name} + +.Global path parameters +[cols="1,1,2",options="header"] +|=== +| Parameter | Type | Description +| `name` +| `string` +| name of the PodMetrics +|=== + + +HTTP method:: + `GET` + +Description:: + read the specified PodMetrics + + +.HTTP responses +[cols="1,1",options="header"] +|=== +| HTTP code | Reponse body +| 200 - OK +| xref:../monitoring_apis/podmetrics-metrics-k8s-io-v1beta1.adoc#podmetrics-metrics-k8s-io-v1beta1[`PodMetrics`] schema +|=== + + diff --git a/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc index df9246460c..1a7c7aa84e 100644 --- a/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc @@ -65,43 +65,68 @@ Required:: | `attachMetadata` | `object` -| `attachMetadata` defines additional metadata which is added to the discovered targets. - It requires Prometheus >= v2.37.0. +| `attachMetadata` defines additional metadata which is added to the +discovered targets. + + +It requires Prometheus >= v2.37.0. | `bodySizeLimit` | `string` -| When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus. - It requires Prometheus >= v2.28.0. +| When defined, bodySizeLimit specifies a job level limit on the size +of uncompressed response body that will be accepted by Prometheus. + + +It requires Prometheus >= v2.28.0. | `jobLabel` | `string` -| The label to use to retrieve the job name from. `jobLabel` selects the label from the associated Kubernetes `Pod` object which will be used as the `job` label for all metrics. - For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` label to all ingested metrics. - If the value of this field is empty, the `job` label of the metrics defaults to the namespace and name of the PodMonitor object (e.g. `/`). +| The label to use to retrieve the job name from. +`jobLabel` selects the label from the associated Kubernetes `Pod` +object which will be used as the `job` label for all metrics. + + +For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` +object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` +label to all ingested metrics. + + +If the value of this field is empty, the `job` label of the metrics +defaults to the namespace and name of the PodMonitor object (e.g. `/`). | `keepDroppedTargets` | `integer` -| Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. +| Per-scrape limit on the number of targets dropped by relabeling +that will be kept in memory. 0 means no limit. + + +It requires Prometheus >= v2.47.0. | `labelLimit` | `integer` -| Per-scrape limit on number of labels that will be accepted for a sample. - It requires Prometheus >= v2.27.0. +| Per-scrape limit on number of labels that will be accepted for a sample. + + +It requires Prometheus >= v2.27.0. | `labelNameLengthLimit` | `integer` -| Per-scrape limit on length of labels name that will be accepted for a sample. - It requires Prometheus >= v2.27.0. +| Per-scrape limit on length of labels name that will be accepted for a sample. + + +It requires Prometheus >= v2.27.0. | `labelValueLengthLimit` | `integer` -| Per-scrape limit on length of labels value that will be accepted for a sample. - It requires Prometheus >= v2.27.0. +| Per-scrape limit on length of labels value that will be accepted for a sample. + + +It requires Prometheus >= v2.27.0. | `namespaceSelector` | `object` -| Selector to select which namespaces the Kubernetes `Pods` objects are discovered from. +| Selector to select which namespaces the Kubernetes `Pods` objects +are discovered from. | `podMetricsEndpoints` | `array` @@ -109,15 +134,18 @@ Required:: | `podMetricsEndpoints[]` | `object` -| PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus. +| PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by +Prometheus. | `podTargetLabels` | `array (string)` -| `podTargetLabels` defines the labels which are transferred from the associated Kubernetes `Pod` object onto the ingested metrics. +| `podTargetLabels` defines the labels which are transferred from the +associated Kubernetes `Pod` object onto the ingested metrics. | `sampleLimit` | `integer` -| `sampleLimit` defines a per-scrape limit on the number of scraped samples that will be accepted. +| `sampleLimit` defines a per-scrape limit on the number of scraped samples +that will be accepted. | `scrapeClass` | `string` @@ -125,9 +153,14 @@ Required:: | `scrapeProtocols` | `array (string)` -| `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. +| `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the +protocols supported by Prometheus in order of preference (from most to least preferred). + + +If unset, Prometheus uses its default value. + + +It requires Prometheus >= v2.49.0. | `selector` | `object` @@ -135,15 +168,19 @@ Required:: | `targetLimit` | `integer` -| `targetLimit` defines a limit on the number of scraped targets that will be accepted. +| `targetLimit` defines a limit on the number of scraped targets that will +be accepted. |=== === .spec.attachMetadata Description:: + -- -`attachMetadata` defines additional metadata which is added to the discovered targets. - It requires Prometheus >= v2.37.0. +`attachMetadata` defines additional metadata which is added to the +discovered targets. + + +It requires Prometheus >= v2.37.0. -- Type:: @@ -158,14 +195,16 @@ Type:: | `node` | `boolean` -| When set to true, Prometheus must have the `get` permission on the `Nodes` objects. +| When set to true, Prometheus must have the `get` permission on the +`Nodes` objects. |=== === .spec.namespaceSelector Description:: + -- -Selector to select which namespaces the Kubernetes `Pods` objects are discovered from. +Selector to select which namespaces the Kubernetes `Pods` objects +are discovered from. -- Type:: @@ -180,7 +219,8 @@ Type:: | `any` | `boolean` -| Boolean describing whether all namespaces are selected in contrast to a list restricting them. +| Boolean describing whether all namespaces are selected in contrast to a +list restricting them. | `matchNames` | `array (string)` @@ -204,7 +244,8 @@ Type:: Description:: + -- -PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus. +PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by +Prometheus. -- Type:: @@ -219,18 +260,28 @@ Type:: | `authorization` | `object` -| `authorization` configures the Authorization header credentials to use when scraping the target. - Cannot be set at the same time as `basicAuth`, or `oauth2`. +| `authorization` configures the Authorization header credentials to use when +scraping the target. + + +Cannot be set at the same time as `basicAuth`, or `oauth2`. | `basicAuth` | `object` -| `basicAuth` configures the Basic Authentication credentials to use when scraping the target. - Cannot be set at the same time as `authorization`, or `oauth2`. +| `basicAuth` configures the Basic Authentication credentials to use when +scraping the target. + + +Cannot be set at the same time as `authorization`, or `oauth2`. | `bearerTokenSecret` | `object` -| `bearerTokenSecret` specifies a key of a Secret containing the bearer token for scraping targets. The secret needs to be in the same namespace as the PodMonitor object and readable by the Prometheus Operator. - Deprecated: use `authorization` instead. +| `bearerTokenSecret` specifies a key of a Secret containing the bearer +token for scraping targets. The secret needs to be in the same namespace +as the PodMonitor object and readable by the Prometheus Operator. + + +Deprecated: use `authorization` instead. | `enableHttp2` | `boolean` @@ -238,41 +289,59 @@ Type:: | `filterRunning` | `boolean` -| When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. - If unset, the filtering is enabled. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase +| When true, the pods which are not running (e.g. either in Failed or +Succeeded state) are dropped during the target discovery. + + +If unset, the filtering is enabled. + + +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase | `followRedirects` | `boolean` -| `followRedirects` defines whether the scrape requests should follow HTTP 3xx redirects. +| `followRedirects` defines whether the scrape requests should follow HTTP +3xx redirects. | `honorLabels` | `boolean` -| When true, `honorLabels` preserves the metric's labels when they collide with the target's labels. +| When true, `honorLabels` preserves the metric's labels when they collide +with the target's labels. | `honorTimestamps` | `boolean` -| `honorTimestamps` controls whether Prometheus preserves the timestamps when exposed by the target. +| `honorTimestamps` controls whether Prometheus preserves the timestamps +when exposed by the target. | `interval` | `string` -| Interval at which Prometheus scrapes the metrics from the target. - If empty, Prometheus uses the global scrape interval. +| Interval at which Prometheus scrapes the metrics from the target. + + +If empty, Prometheus uses the global scrape interval. | `metricRelabelings` | `array` -| `metricRelabelings` configures the relabeling rules to apply to the samples before ingestion. +| `metricRelabelings` configures the relabeling rules to apply to the +samples before ingestion. | `metricRelabelings[]` | `object` -| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +scraped samples and remote write samples. + + +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | `oauth2` | `object` -| `oauth2` configures the OAuth2 settings to use when scraping the target. - It requires Prometheus >= 2.27.0. - Cannot be set at the same time as `authorization`, or `basicAuth`. +| `oauth2` configures the OAuth2 settings to use when scraping the target. + + +It requires Prometheus >= 2.27.0. + + +Cannot be set at the same time as `authorization`, or `basicAuth`. | `params` | `object` @@ -284,45 +353,71 @@ Type:: | `path` | `string` -| HTTP path from which to scrape for metrics. - If empty, Prometheus uses the default value (e.g. `/metrics`). +| HTTP path from which to scrape for metrics. + + +If empty, Prometheus uses the default value (e.g. `/metrics`). | `port` | `string` -| Name of the Pod port which this endpoint refers to. - It takes precedence over `targetPort`. +| Name of the Pod port which this endpoint refers to. + + +It takes precedence over `targetPort`. | `proxyUrl` | `string` -| `proxyURL` configures the HTTP Proxy URL (e.g. "http://proxyserver:2195") to go through when scraping the target. +| `proxyURL` configures the HTTP Proxy URL (e.g. +"http://proxyserver:2195") to go through when scraping the target. | `relabelings` | `array` -| `relabelings` configures the relabeling rules to apply the target's metadata labels. - The Operator automatically adds relabelings for a few standard Kubernetes fields. - The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +| `relabelings` configures the relabeling rules to apply the target's +metadata labels. + + +The Operator automatically adds relabelings for a few standard Kubernetes fields. + + +The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + + +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | `relabelings[]` | `object` -| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +scraped samples and remote write samples. + + +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | `scheme` | `string` -| HTTP scheme to use for scraping. - `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. - If empty, Prometheus uses the default value `http`. +| HTTP scheme to use for scraping. + + +`http` and `https` are the expected values unless you rewrite the +`__scheme__` label via relabeling. + + +If empty, Prometheus uses the default value `http`. | `scrapeTimeout` | `string` -| Timeout after which Prometheus considers the scrape to be failed. - If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. +| Timeout after which Prometheus considers the scrape to be failed. + + +If empty, Prometheus uses the global scrape timeout unless it is less +than the target's scrape interval value in which the latter is used. | `targetPort` | `integer-or-string` -| Name or number of the target port of the `Pod` object behind the Service, the port must be specified with container port property. - Deprecated: use 'port' instead. +| Name or number of the target port of the `Pod` object behind the Service, the +port must be specified with container port property. + + +Deprecated: use 'port' instead. | `tlsConfig` | `object` @@ -330,16 +425,23 @@ Type:: | `trackTimestampsStaleness` | `boolean` -| `trackTimestampsStaleness` defines whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false. - It requires Prometheus >= v2.48.0. +| `trackTimestampsStaleness` defines whether Prometheus tracks staleness of +the metrics that have an explicit timestamp present in scraped data. +Has no effect if `honorTimestamps` is false. + + +It requires Prometheus >= v2.48.0. |=== === .spec.podMetricsEndpoints[].authorization Description:: + -- -`authorization` configures the Authorization header credentials to use when scraping the target. - Cannot be set at the same time as `basicAuth`, or `oauth2`. +`authorization` configures the Authorization header credentials to use when +scraping the target. + + +Cannot be set at the same time as `basicAuth`, or `oauth2`. -- Type:: @@ -358,9 +460,13 @@ Type:: | `type` | `string` -| Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" +| Defines the authentication type. The value is case-insensitive. + + +"Basic" is not a supported value. + + +Default: "Bearer" |=== === .spec.podMetricsEndpoints[].authorization.credentials @@ -388,7 +494,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -399,8 +511,11 @@ Required:: Description:: + -- -`basicAuth` configures the Basic Authentication credentials to use when scraping the target. - Cannot be set at the same time as `authorization`, or `oauth2`. +`basicAuth` configures the Basic Authentication credentials to use when +scraping the target. + + +Cannot be set at the same time as `authorization`, or `oauth2`. -- Type:: @@ -415,18 +530,21 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for authentication. +| `password` specifies a key of a Secret containing the password for +authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for authentication. +| `username` specifies a key of a Secret containing the username for +authentication. |=== === .spec.podMetricsEndpoints[].basicAuth.password Description:: + -- -`password` specifies a key of a Secret containing the password for authentication. +`password` specifies a key of a Secret containing the password for +authentication. -- Type:: @@ -447,7 +565,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -458,7 +582,8 @@ Required:: Description:: + -- -`username` specifies a key of a Secret containing the username for authentication. +`username` specifies a key of a Secret containing the username for +authentication. -- Type:: @@ -479,7 +604,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -490,8 +621,12 @@ Required:: Description:: + -- -`bearerTokenSecret` specifies a key of a Secret containing the bearer token for scraping targets. The secret needs to be in the same namespace as the PodMonitor object and readable by the Prometheus Operator. - Deprecated: use `authorization` instead. +`bearerTokenSecret` specifies a key of a Secret containing the bearer +token for scraping targets. The secret needs to be in the same namespace +as the PodMonitor object and readable by the Prometheus Operator. + + +Deprecated: use `authorization` instead. -- Type:: @@ -512,7 +647,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -523,7 +664,8 @@ Required:: Description:: + -- -`metricRelabelings` configures the relabeling rules to apply to the samples before ingestion. +`metricRelabelings` configures the relabeling rules to apply to the +samples before ingestion. -- Type:: @@ -536,8 +678,11 @@ Type:: Description:: + -- -RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +scraped samples and remote write samples. + + +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -- Type:: @@ -552,14 +697,21 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" +| Action to perform based on the regex matching. + + +`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. +`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + +Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. +| Modulus to take of the hash of the source label values. + + +Only applicable when the action is `HashMod`. | `regex` | `string` @@ -567,8 +719,11 @@ Type:: | `replacement` | `string` -| Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. +| Replacement value against which a Replace action is performed if the +regular expression matches. + + +Regex capture groups are available. | `separator` | `string` @@ -576,22 +731,33 @@ Type:: | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. +| The source labels select values from existing labels. Their content is +concatenated using the configured Separator and matched against the +configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. +| Label to which the resulting string is written in a replacement. + + +It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, +`KeepEqual` and `DropEqual` actions. + + +Regex capture groups are available. |=== === .spec.podMetricsEndpoints[].oauth2 Description:: + -- -`oauth2` configures the OAuth2 settings to use when scraping the target. - It requires Prometheus >= 2.27.0. - Cannot be set at the same time as `authorization`, or `basicAuth`. +`oauth2` configures the OAuth2 settings to use when scraping the target. + + +It requires Prometheus >= 2.27.0. + + +Cannot be set at the same time as `authorization`, or `basicAuth`. -- Type:: @@ -610,15 +776,18 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +| `clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +| `clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token URL. +| `endpointParams` configures the HTTP parameters to append to the token +URL. | `scopes` | `array (string)` @@ -633,7 +802,8 @@ Required:: Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +`clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. -- Type:: @@ -680,7 +850,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -712,7 +888,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -723,7 +905,8 @@ Required:: Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +`clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. -- Type:: @@ -744,7 +927,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -768,10 +957,17 @@ Type:: Description:: + -- -`relabelings` configures the relabeling rules to apply the target's metadata labels. - The Operator automatically adds relabelings for a few standard Kubernetes fields. - The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +`relabelings` configures the relabeling rules to apply the target's +metadata labels. + + +The Operator automatically adds relabelings for a few standard Kubernetes fields. + + +The original scrape job's name is available via the `__tmp_prometheus_job_name` label. + + +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -- Type:: @@ -784,8 +980,11 @@ Type:: Description:: + -- -RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +scraped samples and remote write samples. + + +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -- Type:: @@ -800,14 +999,21 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" +| Action to perform based on the regex matching. + + +`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. +`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + +Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. +| Modulus to take of the hash of the source label values. + + +Only applicable when the action is `HashMod`. | `regex` | `string` @@ -815,8 +1021,11 @@ Type:: | `replacement` | `string` -| Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. +| Replacement value against which a Replace action is performed if the +regular expression matches. + + +Regex capture groups are available. | `separator` | `string` @@ -824,13 +1033,20 @@ Type:: | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. +| The source labels select values from existing labels. Their content is +concatenated using the configured Separator and matched against the +configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. +| Label to which the resulting string is written in a replacement. + + +It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, +`KeepEqual` and `DropEqual` actions. + + +Regex capture groups are available. |=== === .spec.podMetricsEndpoints[].tlsConfig @@ -922,7 +1138,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -954,7 +1176,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1012,7 +1240,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1044,7 +1278,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1076,7 +1316,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1106,11 +1352,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.selector.matchExpressions @@ -1130,7 +1379,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -1152,11 +1402,15 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== diff --git a/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc index e399f202f4..20272ed515 100644 --- a/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc @@ -67,15 +67,19 @@ Type:: | `basicAuth` | `object` -| BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint +| BasicAuth allow an endpoint to authenticate over basic authentication. +More info: https://prometheus.io/docs/operating/configuration/#endpoint | `bearerTokenSecret` | `object` -| Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the probe and accessible by the Prometheus Operator. +| Secret to mount to read bearer token for scraping targets. The secret +needs to be in the same namespace as the probe and accessible by +the Prometheus Operator. | `interval` | `string` -| Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. +| Interval at which targets are probed using the configured prober. +If not specified Prometheus' global scrape interval is used. | `jobName` | `string` @@ -83,20 +87,26 @@ Type:: | `keepDroppedTargets` | `integer` -| Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. +| Per-scrape limit on the number of targets dropped by relabeling +that will be kept in memory. 0 means no limit. + + +It requires Prometheus >= v2.47.0. | `labelLimit` | `integer` -| Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. +| Per-scrape limit on number of labels that will be accepted for a sample. +Only valid in Prometheus versions 2.27.0 and newer. | `labelNameLengthLimit` | `integer` -| Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. +| Per-scrape limit on length of labels name that will be accepted for a sample. +Only valid in Prometheus versions 2.27.0 and newer. | `labelValueLengthLimit` | `integer` -| Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. +| Per-scrape limit on length of labels value that will be accepted for a sample. +Only valid in Prometheus versions 2.27.0 and newer. | `metricRelabelings` | `array` @@ -104,12 +114,17 @@ Type:: | `metricRelabelings[]` | `object` -| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +scraped samples and remote write samples. + + +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | `module` | `string` -| The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml +| The module to use for probing specifying how to probe the target. +Example module configuring in the blackbox exporter: +https://github.com/prometheus/blackbox_exporter/blob/master/example.yml | `oauth2` | `object` @@ -117,7 +132,8 @@ Type:: | `prober` | `object` -| Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty. +| Specification for the prober to use for probing targets. +The prober.URL parameter is required. Targets cannot be probed if left empty. | `sampleLimit` | `integer` @@ -129,13 +145,19 @@ Type:: | `scrapeProtocols` | `array (string)` -| `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). - If unset, Prometheus uses its default value. - It requires Prometheus >= v2.49.0. +| `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the +protocols supported by Prometheus in order of preference (from most to least preferred). + + +If unset, Prometheus uses its default value. + + +It requires Prometheus >= v2.49.0. | `scrapeTimeout` | `string` -| Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. +| Timeout for scraping metrics from the Prometheus exporter. +If not specified, the Prometheus global scrape timeout is used. | `targetLimit` | `integer` @@ -173,9 +195,13 @@ Type:: | `type` | `string` -| Defines the authentication type. The value is case-insensitive. - "Basic" is not a supported value. - Default: "Bearer" +| Defines the authentication type. The value is case-insensitive. + + +"Basic" is not a supported value. + + +Default: "Bearer" |=== === .spec.authorization.credentials @@ -203,7 +229,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -214,7 +246,8 @@ Required:: Description:: + -- -BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint +BasicAuth allow an endpoint to authenticate over basic authentication. +More info: https://prometheus.io/docs/operating/configuration/#endpoint -- Type:: @@ -229,18 +262,21 @@ Type:: | `password` | `object` -| `password` specifies a key of a Secret containing the password for authentication. +| `password` specifies a key of a Secret containing the password for +authentication. | `username` | `object` -| `username` specifies a key of a Secret containing the username for authentication. +| `username` specifies a key of a Secret containing the username for +authentication. |=== === .spec.basicAuth.password Description:: + -- -`password` specifies a key of a Secret containing the password for authentication. +`password` specifies a key of a Secret containing the password for +authentication. -- Type:: @@ -261,7 +297,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -272,7 +314,8 @@ Required:: Description:: + -- -`username` specifies a key of a Secret containing the username for authentication. +`username` specifies a key of a Secret containing the username for +authentication. -- Type:: @@ -293,7 +336,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -304,7 +353,9 @@ Required:: Description:: + -- -Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the probe and accessible by the Prometheus Operator. +Secret to mount to read bearer token for scraping targets. The secret +needs to be in the same namespace as the probe and accessible by +the Prometheus Operator. -- Type:: @@ -325,7 +376,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -349,8 +406,11 @@ Type:: Description:: + -- -RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +scraped samples and remote write samples. + + +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -- Type:: @@ -365,14 +425,21 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" +| Action to perform based on the regex matching. + + +`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. +`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + +Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. +| Modulus to take of the hash of the source label values. + + +Only applicable when the action is `HashMod`. | `regex` | `string` @@ -380,8 +447,11 @@ Type:: | `replacement` | `string` -| Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. +| Replacement value against which a Replace action is performed if the +regular expression matches. + + +Regex capture groups are available. | `separator` | `string` @@ -389,13 +459,20 @@ Type:: | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. +| The source labels select values from existing labels. Their content is +concatenated using the configured Separator and matched against the +configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. +| Label to which the resulting string is written in a replacement. + + +It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, +`KeepEqual` and `DropEqual` actions. + + +Regex capture groups are available. |=== === .spec.oauth2 @@ -421,15 +498,18 @@ Required:: | `clientId` | `object` -| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +| `clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. | `clientSecret` | `object` -| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +| `clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. | `endpointParams` | `object (string)` -| `endpointParams` configures the HTTP parameters to append to the token URL. +| `endpointParams` configures the HTTP parameters to append to the token +URL. | `scopes` | `array (string)` @@ -444,7 +524,8 @@ Required:: Description:: + -- -`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID. +`clientId` specifies a key of a Secret or ConfigMap containing the +OAuth2 client's ID. -- Type:: @@ -491,7 +572,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -523,7 +610,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -534,7 +627,8 @@ Required:: Description:: + -- -`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret. +`clientSecret` specifies a key of a Secret containing the OAuth2 +client's secret. -- Type:: @@ -555,7 +649,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -566,7 +666,8 @@ Required:: Description:: + -- -Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty. +Specification for the prober to use for probing targets. +The prober.URL parameter is required. Targets cannot be probed if left empty. -- Type:: @@ -583,7 +684,8 @@ Required:: | `path` | `string` -| Path to collect metrics from. Defaults to `/probe`. +| Path to collect metrics from. +Defaults to `/probe`. | `proxyUrl` | `string` @@ -591,7 +693,9 @@ Required:: | `scheme` | `string` -| HTTP scheme to use for scraping. `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. If empty, Prometheus uses the default value `http`. +| HTTP scheme to use for scraping. +`http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. +If empty, Prometheus uses the default value `http`. | `url` | `string` @@ -617,18 +721,25 @@ Type:: | `ingress` | `object` -| ingress defines the Ingress objects to probe and the relabeling configuration. If `staticConfig` is also defined, `staticConfig` takes precedence. +| ingress defines the Ingress objects to probe and the relabeling +configuration. +If `staticConfig` is also defined, `staticConfig` takes precedence. | `staticConfig` | `object` -| staticConfig defines the static list of targets to probe and the relabeling configuration. If `ingress` is also defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config. +| staticConfig defines the static list of targets to probe and the +relabeling configuration. +If `ingress` is also defined, `staticConfig` takes precedence. +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config. |=== === .spec.targets.ingress Description:: + -- -ingress defines the Ingress objects to probe and the relabeling configuration. If `staticConfig` is also defined, `staticConfig` takes precedence. +ingress defines the Ingress objects to probe and the relabeling +configuration. +If `staticConfig` is also defined, `staticConfig` takes precedence. -- Type:: @@ -647,12 +758,21 @@ Type:: | `relabelingConfigs` | `array` -| RelabelConfigs to apply to the label set of the target before it gets scraped. The original ingress address is available via the `__tmp_prometheus_ingress_address` label. It can be used to customize the probed URL. The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +| RelabelConfigs to apply to the label set of the target before it gets +scraped. +The original ingress address is available via the +`__tmp_prometheus_ingress_address` label. It can be used to customize the +probed URL. +The original scrape job's name is available via the `__tmp_prometheus_job_name` label. +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | `relabelingConfigs[]` | `object` -| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +scraped samples and remote write samples. + + +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | `selector` | `object` @@ -678,7 +798,8 @@ Type:: | `any` | `boolean` -| Boolean describing whether all namespaces are selected in contrast to a list restricting them. +| Boolean describing whether all namespaces are selected in contrast to a +list restricting them. | `matchNames` | `array (string)` @@ -689,7 +810,13 @@ Type:: Description:: + -- -RelabelConfigs to apply to the label set of the target before it gets scraped. The original ingress address is available via the `__tmp_prometheus_ingress_address` label. It can be used to customize the probed URL. The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +RelabelConfigs to apply to the label set of the target before it gets +scraped. +The original ingress address is available via the +`__tmp_prometheus_ingress_address` label. It can be used to customize the +probed URL. +The original scrape job's name is available via the `__tmp_prometheus_job_name` label. +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -- Type:: @@ -702,8 +829,11 @@ Type:: Description:: + -- -RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +scraped samples and remote write samples. + + +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -- Type:: @@ -718,14 +848,21 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" +| Action to perform based on the regex matching. + + +`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. +`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + +Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. +| Modulus to take of the hash of the source label values. + + +Only applicable when the action is `HashMod`. | `regex` | `string` @@ -733,8 +870,11 @@ Type:: | `replacement` | `string` -| Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. +| Replacement value against which a Replace action is performed if the +regular expression matches. + + +Regex capture groups are available. | `separator` | `string` @@ -742,13 +882,20 @@ Type:: | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. +| The source labels select values from existing labels. Their content is +concatenated using the configured Separator and matched against the +configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. +| Label to which the resulting string is written in a replacement. + + +It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, +`KeepEqual` and `DropEqual` actions. + + +Regex capture groups are available. |=== === .spec.targets.ingress.selector @@ -774,11 +921,14 @@ Type:: | `matchExpressions[]` | `object` -| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +| A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. | `matchLabels` | `object (string)` -| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed. |=== === .spec.targets.ingress.selector.matchExpressions @@ -798,7 +948,8 @@ Type:: Description:: + -- -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. -- Type:: @@ -820,18 +971,25 @@ Required:: | `operator` | `string` -| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +| operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist. | `values` | `array (string)` -| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +| values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch. |=== === .spec.targets.staticConfig Description:: + -- -staticConfig defines the static list of targets to probe and the relabeling configuration. If `ingress` is also defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config. +staticConfig defines the static list of targets to probe and the +relabeling configuration. +If `ingress` is also defined, `staticConfig` takes precedence. +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config. -- Type:: @@ -850,12 +1008,17 @@ Type:: | `relabelingConfigs` | `array` -| RelabelConfigs to apply to the label set of the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +| RelabelConfigs to apply to the label set of the targets before it gets +scraped. +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | `relabelingConfigs[]` | `object` -| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +scraped samples and remote write samples. + + +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config | `static` | `array (string)` @@ -866,7 +1029,9 @@ Type:: Description:: + -- -RelabelConfigs to apply to the label set of the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +RelabelConfigs to apply to the label set of the targets before it gets +scraped. +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -- Type:: @@ -879,8 +1044,11 @@ Type:: Description:: + -- -RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +RelabelConfig allows dynamic rewriting of the label set for targets, alerts, +scraped samples and remote write samples. + + +More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -- Type:: @@ -895,14 +1063,21 @@ Type:: | `action` | `string` -| Action to perform based on the regex matching. - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - Default: "Replace" +| Action to perform based on the regex matching. + + +`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. +`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + +Default: "Replace" | `modulus` | `integer` -| Modulus to take of the hash of the source label values. - Only applicable when the action is `HashMod`. +| Modulus to take of the hash of the source label values. + + +Only applicable when the action is `HashMod`. | `regex` | `string` @@ -910,8 +1085,11 @@ Type:: | `replacement` | `string` -| Replacement value against which a Replace action is performed if the regular expression matches. - Regex capture groups are available. +| Replacement value against which a Replace action is performed if the +regular expression matches. + + +Regex capture groups are available. | `separator` | `string` @@ -919,13 +1097,20 @@ Type:: | `sourceLabels` | `array (string)` -| The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. +| The source labels select values from existing labels. Their content is +concatenated using the configured Separator and matched against the +configured regular expression. | `targetLabel` | `string` -| Label to which the resulting string is written in a replacement. - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. - Regex capture groups are available. +| Label to which the resulting string is written in a replacement. + + +It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, +`KeepEqual` and `DropEqual` actions. + + +Regex capture groups are available. |=== === .spec.tlsConfig @@ -1017,7 +1202,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1049,7 +1240,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1107,7 +1304,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1139,7 +1342,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` @@ -1171,7 +1380,13 @@ Required:: | `name` | `string` -| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +| Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +TODO: Add other useful fields. apiVersion, kind, uid? +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. | `optional` | `boolean` diff --git a/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc index 7b30d5e094..ec58ffe4f6 100644 --- a/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc +++ b/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc @@ -41,18 +41,22 @@ Required:: | `spec` | `object` -| Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +| Specification of the desired behavior of the Prometheus cluster. More info: +https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | `status` | `object` -| Most recent observed status of the Prometheus cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +| Most recent observed status of the Prometheus cluster. Read-only. +More info: +https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |=== === .spec Description:: + -- -Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +Specification of the desired behavior of the Prometheus cluster. More info: +https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status -- Type:: @@ -67,23 +71,58 @@ Type:: | `additionalAlertManagerConfigs` | `object` -| AdditionalAlertManagerConfigs specifies a key of a Secret containing additional Prometheus Alertmanager configurations. The Alertmanager configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config - The user is responsible for making sure that the configurations are valid - Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade. +| AdditionalAlertManagerConfigs specifies a key of a Secret containing +additional Prometheus Alertmanager configurations. The Alertmanager +configurations are appended to the configuration generated by the +Prometheus Operator. They must be formatted according to the official +Prometheus documentation: + + +https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config + + +The user is responsible for making sure that the configurations are valid + + +Note that using this feature may expose the possibility to break +upgrades of Prometheus. It is advised to review Prometheus release notes +to ensure that no incompatible AlertManager configs are going to break +Prometheus after the upgrade. | `additionalAlertRelabelConfigs` | `object` -| AdditionalAlertRelabelConfigs specifies a key of a Secret containing additional Prometheus alert relabel configurations. The alert relabel configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - The user is responsible for making sure that the configurations are valid - Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade. +| AdditionalAlertRelabelConfigs specifies a key of a Secret containing +additional Prometheus alert relabel configurations. The alert relabel +configurations are appended to the configuration generated by the +Prometheus Operator. They must be formatted according to the official +Prometheus documentation: + + +https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs + + +The user is responsible for making sure that the configurations are valid + + +Note that using this feature may expose the possibility to break +upgrades of Prometheus. It is advised to review Prometheus release notes +to ensure that no incompatible alert relabel configs are going to break +Prometheus after the upgrade. | `additionalArgs` | `array` -| AdditionalArgs allows setting additional arguments for the 'prometheus' container. - It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. - In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged. +| AdditionalArgs allows setting additional arguments for the 'prometheus' container. + + +It is intended for e.g. activating hidden flags which are not supported by +the dedicated configuration options yet. The arguments are passed as-is to the +Prometheus container which may cause issues if they are invalid or not supported +by the given Prometheus version. + + +In case of an argument conflict (e.g. an argument which is already set by the +operator itself) or when providing an invalid argument, the reconciliation will +fail and an error will be logged. | `additionalArgs[]` | `object` @@ -91,7 +130,17 @@ Type:: | `additionalScrapeConfigs` | `object` -| AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade. +| AdditionalScrapeConfigs allows specifying a key of a Secret containing +additional Prometheus scrape configurations. Scrape configurations +specified are appended to the configurations generated by the Prometheus +Operator. Job configurations specified must have the form as specified +in the official Prometheus documentation: +https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. +As scrape configs are appended, the user is responsible to make sure it +is valid. Note that using this feature may expose the possibility to +break upgrades of Prometheus. It is advised to review Prometheus release +notes to ensure that no incompatible scrape configs are going to break +Prometheus after the upgrade. | `affinity` | `object` @@ -103,16 +152,41 @@ Type:: | `allowOverlappingBlocks` | `boolean` -| AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. - Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default. +| AllowOverlappingBlocks enables vertical compaction and vertical query +merge in Prometheus. + + +Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default. | `apiserverConfig` | `object` -| APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. +| APIServerConfig allows specifying a host and auth methods to access the +Kuberntees API server. +If null, Prometheus is assumed to run inside of the cluster: it will +discover the API servers automatically and use the Pod's CA certificate +and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. | `arbitraryFSAccessThroughSMs` | `object` -| When true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the 'prometheus' container. When a ServiceMonitor's endpoint specifies a `bearerTokenFile` value (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a malicious target can get access to the Prometheus service account's token in the Prometheus' scrape request. Setting `spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack. Users should instead provide the credentials using the `spec.bearerTokenSecret` field. +| When true, ServiceMonitor, PodMonitor and Probe object are forbidden to +reference arbitrary files on the file system of the 'prometheus' +container. +When a ServiceMonitor's endpoint specifies a `bearerTokenFile` value +(e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a +malicious target can get access to the Prometheus service account's +token in the Prometheus' scrape request. Setting +`spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack. +Users should instead provide the credentials using the +`spec.bearerTokenSecret` field. + +| `automountServiceAccountToken` +| `boolean` +| AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. +If the field isn't set, the operator mounts the service account token by default. + + +**Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery. +It is possible to use strategic merge patch to project the service account token into the 'prometheus' container. | `baseImage` | `string` @@ -120,17 +194,39 @@ Type:: | `bodySizeLimit` | `string` -| BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer. +| BodySizeLimit defines per-scrape on response body size. +Only valid in Prometheus versions 2.45.0 and newer. + + +Note that the global limit only applies to scrape objects that don't specify an explicit limit value. +If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. | `configMaps` | `array (string)` -| ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the 'prometheus' container. +| ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus +object, which shall be mounted into the Prometheus Pods. +Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. +The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the 'prometheus' container. | `containers` | `array` -| Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. - The names of containers managed by the operator are: * `prometheus` * `config-reloader` * `thanos-sidecar` - Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. +| Containers allows injecting additional containers or modifying operator +generated containers. This can be used to allow adding an authentication +proxy to the Pods or to change the behavior of an operator generated +container. Containers described here modify an operator generated +container if they share the same name and modifications are done via a +strategic merge patch. + + +The names of containers managed by the operator are: +* `prometheus` +* `config-reloader` +* `thanos-sidecar` + + +Overriding containers is entirely outside the scope of what the +maintainers will support and by doing so, you accept that this behaviour +may break at any time without notice. | `containers[]` | `object` @@ -142,72 +238,198 @@ Type:: | `enableAdminAPI` | `boolean` -| Enables access to the Prometheus web admin API. - WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. - For more information: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis +| Enables access to the Prometheus web admin API. + + +WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, +shutdown Prometheus, and more. Enabling this should be done with care and the +user is advised to add additional authentication authorization via a proxy to +ensure only clients authorized to perform these actions can do so. + + +For more information: +https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis | `enableFeatures` | `array (string)` -| Enable access to Prometheus feature flags. By default, no features are enabled. - Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. - For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ +| Enable access to Prometheus feature flags. By default, no features are enabled. + + +Enabling features which are disabled by default is entirely outside the +scope of what the maintainers will support and by doing so, you accept +that this behaviour may break at any time without notice. + + +For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ | `enableRemoteWriteReceiver` | `boolean` -| Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. - WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver - It requires Prometheus >= v2.33.0. +| Enable Prometheus to be used as a receiver for the Prometheus remote +write protocol. + + +WARNING: This is not considered an efficient way of ingesting samples. +Use it with caution for specific low-volume use cases. +It is not suitable for replacing the ingestion via scraping and turning +Prometheus into a push-based metrics collection system. +For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver + + +It requires Prometheus >= v2.33.0. | `enforcedBodySizeLimit` | `string` -| When defined, enforcedBodySizeLimit specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail. - It requires Prometheus >= v2.28.0. +| When defined, enforcedBodySizeLimit specifies a global limit on the size +of uncompressed response body that will be accepted by Prometheus. +Targets responding with a body larger than this many bytes will cause +the scrape to fail. + + +It requires Prometheus >= v2.28.0. + + +When both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply: +* Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`. +* Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value. +* Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit. | `enforcedKeepDroppedTargets` | `integer` -| When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets dropped by relabeling that will be kept in memory. The value overrides any `spec.keepDroppedTargets` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is greater than zero and less than `spec.enforcedKeepDroppedTargets`. - It requires Prometheus >= v2.47.0. +| When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets +dropped by relabeling that will be kept in memory. The value overrides +any `spec.keepDroppedTargets` set by +ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is +greater than zero and less than `spec.enforcedKeepDroppedTargets`. + + +It requires Prometheus >= v2.47.0. + + +When both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply: +* Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`. +* Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value. +* Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets. | `enforcedLabelLimit` | `integer` -| When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any `spec.labelLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. - It requires Prometheus >= v2.27.0. +| When defined, enforcedLabelLimit specifies a global limit on the number +of labels per sample. The value overrides any `spec.labelLimit` set by +ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is +greater than zero and less than `spec.enforcedLabelLimit`. + + +It requires Prometheus >= v2.27.0. + + +When both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply: +* Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`. +* Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value. +* Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit. | `enforcedLabelNameLengthLimit` | `integer` -| When defined, enforcedLabelNameLengthLimit specifies a global limit on the length of labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is greater than zero and less than `spec.enforcedLabelNameLengthLimit`. - It requires Prometheus >= v2.27.0. +| When defined, enforcedLabelNameLengthLimit specifies a global limit on the length +of labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by +ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is +greater than zero and less than `spec.enforcedLabelNameLengthLimit`. + + +It requires Prometheus >= v2.27.0. + + +When both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply: +* Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`. +* Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value. +* Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit. | `enforcedLabelValueLengthLimit` | `integer` -| When not null, enforcedLabelValueLengthLimit defines a global limit on the length of labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is greater than zero and less than `spec.enforcedLabelValueLengthLimit`. - It requires Prometheus >= v2.27.0. +| When not null, enforcedLabelValueLengthLimit defines a global limit on the length +of labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by +ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is +greater than zero and less than `spec.enforcedLabelValueLengthLimit`. + + +It requires Prometheus >= v2.27.0. + + +When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply: +* Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`. +* Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value. +* Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit. | `enforcedNamespaceLabel` | `string` -| When not empty, a label will be added to - 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. 2. All metrics generated from recording rules defined in `PrometheusRule` objects. 3. All alerts generated from alerting rules defined in `PrometheusRule` objects. 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. - The label will not added for objects referenced in `spec.excludedFromEnforcement`. - The label's name is this field's value. The label's value is the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe` or `PrometheusRule` object. +| When not empty, a label will be added to: + + +1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. +2. All metrics generated from recording rules defined in `PrometheusRule` objects. +3. All alerts generated from alerting rules defined in `PrometheusRule` objects. +4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. + + +The label will not added for objects referenced in `spec.excludedFromEnforcement`. + + +The label's name is this field's value. +The label's value is the namespace of the `ServiceMonitor`, +`PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object. | `enforcedSampleLimit` | `integer` -| When defined, enforcedSampleLimit specifies a global limit on the number of scraped samples that will be accepted. This overrides any `spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.sampleLimit` is greater than zero and less than `spec.enforcedSampleLimit`. - It is meant to be used by admins to keep the overall number of samples/series under a desired limit. +| When defined, enforcedSampleLimit specifies a global limit on the number +of scraped samples that will be accepted. This overrides any +`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects +unless `spec.sampleLimit` is greater than zero and less than +`spec.enforcedSampleLimit`. + + +It is meant to be used by admins to keep the overall number of +samples/series under a desired limit. + + +When both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply: +* Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`. +* Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value. +* Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit. | `enforcedTargetLimit` | `integer` -| When defined, enforcedTargetLimit specifies a global limit on the number of scraped targets. The value overrides any `spec.targetLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. - It is meant to be used by admins to to keep the overall number of targets under a desired limit. +| When defined, enforcedTargetLimit specifies a global limit on the number +of scraped targets. The value overrides any `spec.targetLimit` set by +ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is +greater than zero and less than `spec.enforcedTargetLimit`. + + +It is meant to be used by admins to to keep the overall number of +targets under a desired limit. + + +When both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply: +* Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). + If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`. +* Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value. +* Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit. | `evaluationInterval` | `string` -| Interval between rule evaluations. Default: "30s" +| Interval between rule evaluations. +Default: "30s" | `excludedFromEnforcement` | `array` -| List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. - It is only applicable if `spec.enforcedNamespaceLabel` set to true. +| List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects +to be excluded from enforcing a namespace label of origin. + + +It is only applicable if `spec.enforcedNamespaceLabel` set to true. | `excludedFromEnforcement[]` | `object` @@ -215,57 +437,100 @@ Type:: | `exemplars` | `object` -| Exemplars related settings that are runtime reloadable. It requires to enable the `exemplar-storage` feature flag to be effective. +| Exemplars related settings that are runtime reloadable. +It requires to enable the `exemplar-storage` feature flag to be effective. | `externalLabels` | `object (string)` -| The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). Labels defined by `spec.replicaExternalLabelName` and `spec.prometheusExternalLabelName` take precedence over this list. +| The labels to add to any time series or alerts when communicating with +external systems (federation, remote storage, Alertmanager). +Labels defined by `spec.replicaExternalLabelName` and +`spec.prometheusExternalLabelName` take precedence over this list. | `externalUrl` | `string` -| The external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource). +| The external URL under which the Prometheus service is externally +available. This is necessary to generate correct URLs (for instance if +Prometheus is accessible behind an Ingress resource). | `hostAliases` | `array` -| Optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. +| Optional list of hosts and IPs that will be injected into the Pod's +hosts file if specified. | `hostAliases[]` | `object` -| HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. +| HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the +pod's hosts file. | `hostNetwork` | `boolean` -| Use the host's network namespace if true. - Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/). - When hostNetwork is enabled, this will set the DNS policy to `ClusterFirstWithHostNet` automatically. +| Use the host's network namespace if true. + + +Make sure to understand the security implications if you want to enable +it (https://kubernetes.io/docs/concepts/configuration/overview/). + + +When hostNetwork is enabled, this will set the DNS policy to +`ClusterFirstWithHostNet` automatically. | `ignoreNamespaceSelectors` | `boolean` -| When true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor and Probe objects will be ignored. They will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object. +| When true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor +and Probe objects will be ignored. They will only discover targets +within the namespace of the PodMonitor, ServiceMonitor and Probe +object. | `image` | `string` -| Container image name for Prometheus. If specified, it takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. - Specifying `spec.version` is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured. - If neither `spec.image` nor `spec.baseImage` are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released. +| Container image name for Prometheus. If specified, it takes precedence +over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. + + +Specifying `spec.version` is still necessary to ensure the Prometheus +Operator knows which version of Prometheus is being configured. + + +If neither `spec.image` nor `spec.baseImage` are defined, the operator +will use the latest upstream version of Prometheus available at the time +when the operator was released. | `imagePullPolicy` | `string` -| Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. +| Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers. +See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. | `imagePullSecrets` | `array` -| An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod +| An optional list of references to Secrets in the same namespace +to use for pulling images from registries. +See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod | `imagePullSecrets[]` | `object` -| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. +| LocalObjectReference contains enough information to let you locate the +referenced object inside the same namespace. | `initContainers` | `array` -| InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. - The names of init container name managed by the operator are: * `init-config-reloader`. - Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. +| InitContainers allows injecting initContainers to the Pod definition. Those +can be used to e.g. fetch secrets for injection into the Prometheus +configuration from external sources. Any errors during the execution of +an initContainer will lead to a restart of the Pod. More info: +https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +InitContainers described here modify an operator generated init +containers if they share the same name and modifications are done via a +strategic merge patch. + + +The names of init container name managed by the operator are: +* `init-config-reloader`. + + +Overriding init containers is entirely outside the scope of what the +maintainers will support and by doing so, you accept that this behaviour +may break at any time without notice. | `initContainers[]` | `object` @@ -273,24 +538,47 @@ Type:: | `keepDroppedTargets` | `integer` -| Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. - It requires Prometheus >= v2.47.0. +| Per-scrape limit on the number of targets dropped by relabeling +that will be kept in memory. 0 means no limit. + + +It requires Prometheus >= v2.47.0. + + +Note that the global limit only applies to scrape objects that don't specify an explicit limit value. +If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. | `labelLimit` | `integer` -| Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. +| Per-scrape limit on number of labels that will be accepted for a sample. +Only valid in Prometheus versions 2.45.0 and newer. + + +Note that the global limit only applies to scrape objects that don't specify an explicit limit value. +If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. | `labelNameLengthLimit` | `integer` -| Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. +| Per-scrape limit on length of labels name that will be accepted for a sample. +Only valid in Prometheus versions 2.45.0 and newer. + + +Note that the global limit only applies to scrape objects that don't specify an explicit limit value. +If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. | `labelValueLengthLimit` | `integer` -| Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. +| Per-scrape limit on length of labels value that will be accepted for a sample. +Only valid in Prometheus versions 2.45.0 and newer. + + +Note that the global limit only applies to scrape objects that don't specify an explicit limit value. +If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. | `listenLocal` | `boolean` -| When true, the Prometheus server listens on the loopback address instead of the Pod IP's address. +| When true, the Prometheus server listens on the loopback address +instead of the Pod IP's address. | `logFormat` | `string` @@ -302,12 +590,18 @@ Type:: | `maximumStartupDurationSeconds` | `integer` -| Defines the maximum time that the `prometheus` container's startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete. If set, the value should be greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15 minutes). +| Defines the maximum time that the `prometheus` container's startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete. +If set, the value should be greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15 minutes). | `minReadySeconds` | `integer` -| Minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) - This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. +| Minimum number of seconds for which a newly created Pod should be ready +without any of its container crashing for it to be considered available. +Defaults to 0 (pod will be considered available as soon as it is ready) + + +This is an alpha field from kubernetes 1.22 until 1.24 which requires +enabling the StatefulSetMinReadySeconds feature gate. | `nodeSelector` | `object (string)` @@ -315,41 +609,75 @@ Type:: | `overrideHonorLabels` | `boolean` -| When true, Prometheus resolves label conflicts by renaming the labels in the scraped data to "exported_