diff --git a/charts/meta-external-secrets/.helmignore b/charts/meta-external-secrets/.helmignore new file mode 100644 index 0000000..7f28c89 --- /dev/null +++ b/charts/meta-external-secrets/.helmignore @@ -0,0 +1,3 @@ +config/* +values.schema.full.json +values.example.yaml diff --git a/charts/meta-external-secrets/Chart.yaml b/charts/meta-external-secrets/Chart.yaml new file mode 100644 index 0000000..e715f16 --- /dev/null +++ b/charts/meta-external-secrets/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: meta-external-secrets +description: Metachart born Helm Chart for external-secrets resources +type: application +version: "0.6.1" +appVersion: none diff --git a/charts/meta-external-secrets/README.md b/charts/meta-external-secrets/README.md new file mode 100644 index 0000000..19a3430 --- /dev/null +++ b/charts/meta-external-secrets/README.md @@ -0,0 +1,47 @@ +# meta-external-secrets + +`meta-external-secrets` is a [metachart](https://github.com/iponweb/metachart) +born [Helm](https://helm.sh/) Chart for +[external-secrets](https://github.com/external-secrets/external-secrets) +operator custom resources + +## Quickstart + +Add the [Helm](https://helm.sh/) repository: + +```shell +helm repo add iponweb https://iponweb.github.io/charts +``` + +Add the [values.schema.json](values.schema.json) file to your favourite IDE +to enable values file autocompletion and validation. +Examples: +- [IntelliJ IDEA](https://www.jetbrains.com/help/idea/json.html#ws_json_schema_add_custom) +- [Visual Studio Code](https://code.visualstudio.com/docs/languages/json#_json-schemas-and-settings) +- [Sublime Text](https://github.com/sublimelsp/LSP-json) + +Define `values.yaml` with required resources and install the release: + +```shell +helm install release-name -f values.yaml iponweb/meta-external-secrets +``` + +See also [values.example.yaml](values.example.yaml) + +## Documentation + +For complete resources list support see [resources](docs/resources.md). + +See the `metachart` [Documentation](https://github.com/iponweb/metachart/docs) +for more details. + +## Requirements + +Minimal supported [Helm](https://helm.sh/) version is `v3.2.0`. + +## Versioning + +Chart major and minor version parts follow +[external-secrets](https://github.com/external-secrets/external-secrets) +versions which has been used for the chart generation. Patch component is used +for charts own changes/fixes. diff --git a/charts/meta-external-secrets/config/resources.yaml b/charts/meta-external-secrets/config/resources.yaml new file mode 100644 index 0000000..e6bb067 --- /dev/null +++ b/charts/meta-external-secrets/config/resources.yaml @@ -0,0 +1,20 @@ +resources: + externalsecrets: + apiVersion: external-secrets.io/v1beta1 + kind: ExternalSecret + jsonSchemaRef: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret + + clusterexternalsecrets: + apiVersion: external-secrets.io/v1beta1 + kind: ExternalSecret + jsonSchemaRef: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret + + secretstores: + apiVersion: external-secrets.io/v1beta1 + kind: ExternalSecret + jsonSchemaRef: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore + + clustersecretstores: + apiVersion: external-secrets.io/v1beta1 + kind: ExternalSecret + jsonSchemaRef: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore diff --git a/charts/meta-external-secrets/config/schema.yaml b/charts/meta-external-secrets/config/schema.yaml new file mode 100644 index 0000000..365f8d6 --- /dev/null +++ b/charts/meta-external-secrets/config/schema.yaml @@ -0,0 +1,42 @@ +.defaults: + disallowed: &defaultDisallowed + - status + - kind + - apiVersion + properties: &defaultProperties + enabled: metachart.interface.boolean + metadata: metachart.api.meta.v1.ObjectMeta + rootKey: &defaultRootKey + disallowed: *defaultDisallowed + properties: *defaultProperties + +definitions: + - https://raw.githubusercontent.com/iponweb/schemas/main/json-schemas/kubernetes/v1.25.2-strict/_definitions.json + - https://raw.githubusercontent.com/iponweb/schemas/main/json-schemas/external-secrets/v0.6.1-strict/_definitions.json + +rules: + #: Common + #: + #: meta.v1.ObjectMeta + - target: metachart.api.meta.v1.ObjectMeta + source: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + allowed: + - annotations + - labels + - finalizers + - namespace + - name + + #: external-secrets.io/v1beta1 + - target: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret + source: io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret + <<: *defaultRootKey + - target: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret + source: io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret + <<: *defaultRootKey + - target: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore + source: io.external-secrets.apis.externalsecrets.v1beta1.SecretStore + <<: *defaultRootKey + - target: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore + source: io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore + <<: *defaultRootKey diff --git a/charts/meta-external-secrets/config/values.schema.custom.json b/charts/meta-external-secrets/config/values.schema.custom.json new file mode 100644 index 0000000..8df3a21 --- /dev/null +++ b/charts/meta-external-secrets/config/values.schema.custom.json @@ -0,0 +1,39 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": { + "metachart.api.core.v1.ContainerList": { + "type": "object", + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.core.v1.Container" + } + }, + "additionalProperties": false + }, + "metachart.api.internal.Image": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + }, + "pullPolicy": { + "type": "string", + "enum": [ + "Always", + "IfNotPresent" + ] + } + }, + "required": [ + "repository", + "tag", + "pullPolicy" + ], + "additionalProperties": false + } + } +} diff --git a/charts/meta-external-secrets/docs/resources.md b/charts/meta-external-secrets/docs/resources.md new file mode 100644 index 0000000..1d734da --- /dev/null +++ b/charts/meta-external-secrets/docs/resources.md @@ -0,0 +1,12 @@ +# Resources + +A set of resources supported by the chart + +## external-secrets.io/v1beta1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| clusterexternalsecrets | ExternalSecret | - | +| clustersecretstores | ExternalSecret | - | +| externalsecrets | ExternalSecret | - | +| secretstores | ExternalSecret | - | \ No newline at end of file diff --git a/charts/meta-external-secrets/templates/_custom.tpl b/charts/meta-external-secrets/templates/_custom.tpl new file mode 100644 index 0000000..e69de29 diff --git a/charts/meta-external-secrets/templates/_metachart.tpl b/charts/meta-external-secrets/templates/_metachart.tpl new file mode 100644 index 0000000..d633212 --- /dev/null +++ b/charts/meta-external-secrets/templates/_metachart.tpl @@ -0,0 +1,639 @@ +{{/* +Create a default fully qualified app name. +Truncate at 63 chars because some Kubernetes name fields are limited to this +(by the DNS naming spec). +Use only helm release name because helm chart is made to be used by different +kinds of applications. + +Return: string +*/}} +{{- define "metachart.fullname" -}} +{{- if $.Values.fullnameOverride }} +{{- $.Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $.Release.Name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Compute chart name-version to be used by the chart label + +Return: string +*/}} +{{- define "metachart.chart" -}} +{{- printf "%s-%s" $.Chart.Name $.Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Compute Chart labels + +Return: dict in json format +*/}} +{{- define "metachart.chartLabels" -}} +{{- $result := dict + "helm.sh/chart" (include "metachart.chart" $) + "app.kubernetes.io/instance" $.Release.Name + "app.kubernetes.io/managed-by" $.Release.Service +}} +{{- if $.Chart.AppVersion }} + {{- $_ := set $result "app.kubernetes.io/version" $.Chart.AppVersion }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Label selector to determine if a resource belongs to a component. Only +necessary and sufficient set of labels is used. + +Params: + + component : str - Component value which the resource belongs to + +Return: dict in json format +*/}} +{{- define "metachart.selectorLabels" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $component := default nil $params.component }} +{{- /* Execution */}} +{{- $result := dict "app.kubernetes.io/instance" $.Release.Name }} +{{- with $component }} + {{- $_ := set $result "app.kubernetes.io/component" $component}} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Compute resource labels + +Params: + + definition : dict - Resource definition + component : str - Resource component value + relatedComponent : str - Related resource component value + +Return: dict in json format +*/}} +{{- define "metachart.resourceLabels" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $component := default nil $params.component }} +{{- $relatedComponent := default nil $params.relatedComponent }} +{{- /* Execution */}} +{{- $resourceMeta := default dict $definition.metadata }} +{{- $chartLabels := include "metachart.chartLabels" $context | fromJson }} +{{- $globalLabels := default dict (default dict (default dict $.Values.settings).global).labels | deepCopy }} +{{- $resourceLabels := default dict $resourceMeta.labels | deepCopy }} +{{- if $relatedComponent }} + {{- $_ := set $chartLabels "app.kubernetes.io/component" $relatedComponent}} +{{- else if $component }} + {{- $_ := set $chartLabels "app.kubernetes.io/component" $component}} +{{- end }} +{{- /* Validate if forbidden labels are used */}} +{{- range $reservedLabel := keys $chartLabels }} + {{- if hasKey $globalLabels $reservedLabel }} + {{- required (printf "Label %s is reserved for internal usage and can not be overrided" $reservedLabel) "" }} + {{- end }} + {{- if hasKey $resourceLabels $reservedLabel }} + {{- required (printf "Label %s is reserved for internal usage and can not be overrided" $reservedLabel) "" }} + {{- end }} +{{- end }} +{{- $result := merge $resourceLabels $globalLabels $chartLabels }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Compute checksums annotations for a resource + +Params: + + definition : dict - Resource definition + +Return: dict in json format +*/}} +{{- define "metachart.resourceChecksumAnnotations" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- /* Execution */}} +{{- $result := dict }} +{{- $checksums := default dict (default dict $definition.metadata).checksums }} +{{- range $kind, $names := $checksums }} + {{- if $names }} + {{- if (kindIs "slice" $names) }} + {{- range $name := $names }} + {{- $_ := set $result (printf "checksum-%s-%s" $kind $name) (include "metachart.checksumSingle" (merge (dict "params" + (dict + "kind" $kind + "name" $name + )) $)) }} + {{- end }} + {{- else if eq $names "*" }} + {{- $_ := set $result (printf "checksum-%s" $kind) (include "metachart.checksumKinds" (merge (dict "params" + (dict + "kinds" (list $kind) + )) $)) }} + {{- end }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson}} +{{- end }} + +{{/* +Compute resource annotations + +Params: + + definition : dict - Resource definition + +Return: dict in json format +*/}} +{{- define "metachart.resourceAnnotations" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- /* Execution */}} +{{- $resourceMeta := default dict $definition.metadata }} +{{- $checksums := (include "metachart.resourceChecksumAnnotations" (merge (dict "params" $params) $context) | fromJson) }} +{{- $result := merge (default dict ($resourceMeta.annotations) | deepCopy) (default dict $.Values.annotations) $checksums }} +{{- /* Return */}} +{{- $result | toJson}} +{{- end }} + +{{/* +Compute resource ObjectMeta + +Params: + + definition : dict - Resource definition + name : string - Resource name as defined in the values file + nameSuffix : string - Suffix to be added to the resource name + withName : bool - Whether name key must be added (default: true) + withNameFullnamePrefix : bool - Whether fullname prefix must be added to the name (default: true) + +Return: dict in json format +*/}} +{{- define "metachart.resourceMeta" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $name := $params.name }} +{{- $nameSuffix := $params.nameSuffix }} +{{- $withName := (hasKey $params "withName" | ternary $params.withName true) }} +{{- $withNameFullnamePrefix := (hasKey $params "withNameFullnamePrefix" | ternary $params.withNameFullnamePrefix true) }} +{{- /* Execution */}} +{{- $resourceMeta := default dict $definition.metadata }} +{{- /* Execution */}} +{{- $result := omit $resourceMeta "labels" "annotations" "name" "checksums" }} +{{- $fullnamePrefix := "" }} +{{- if $withNameFullnamePrefix }} +{{- $fullnamePrefix = printf "%s-" (include "metachart.fullname" $context) }} +{{- end }} +{{- if $withName }} + {{- if $resourceMeta.name }} + {{- $_ := set $result "name" $resourceMeta.name }} + {{- else if $name }} + {{- if $nameSuffix }} + {{- $_ := set $result "name" (printf "%s%s-%s" $fullnamePrefix $name $nameSuffix) }} + {{- else }} + {{- $_ := set $result "name" (printf "%s%s" $fullnamePrefix $name) }} + {{- end }} + {{- else }} + {{- if $nameSuffix }} + {{- $_ := set $result "name" (printf "%s%s" $fullnamePrefix $nameSuffix) }} + {{- else }} + {{- $_ := set $result "name" (printf "%s" (include "metachart.fullname" $context)) }} + {{- end }} + {{- end }} +{{- end }} +{{- $_ := set $result "labels" (include "metachart.resourceLabels" (merge (dict "params" $params) $context) | fromJson) }} +{{- $_ = set $result "annotations" (include "metachart.resourceAnnotations" (merge (dict "params" $params) $context) | fromJson) }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Discover all string values and render them as templates + +Params: + + data : any - data to be processed + +Return: dict in json format +*/}} +{{- define "metachart.deepRender" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $data := ($params.data | deepCopy) }} +{{- /* Execution */}} +{{- if kindIs "string" $data }} + {{- $result := tpl $data $context }} + {{- /* Return */}} + {{- $result | toJson }} +{{- else if kindIs "map" $data }} + {{- $result := dict }} + {{- range $key, $value := $data }} + {{- if kindIs "string" $value }} + {{- $newValue := tpl $value $context }} + {{- $_ := set $result $key $newValue }} + {{- else if kindIs "map" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJson }} + {{- $_ := set $result $key $newValue }} + {{- else if kindIs "slice" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJsonArray }} + {{- $_ := set $result $key $newValue }} + {{- else }} + {{- $_ := set $result $key $value }} + {{- end }} + {{- end }} + {{- $result | toJson }} +{{- else if kindIs "slice" $data }} + {{- $result := list }} + {{- range $value := $data }} + {{- if kindIs "string" $value }} + {{- $newValue := tpl $value $context }} + {{- $result = append $result $newValue }} + {{- else if kindIs "map" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJson }} + {{- $result = append $result $newValue }} + {{- else if kindIs "slice" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJsonArray }} + {{- $result = append $result $newValue }} + {{- else }} + {{- $result = append $result $value }} + {{- end }} + {{- end }} + {{- /* Return */}} + {{- $result | toJson }} +{{- else }} + {{- $result := $data }} + {{- /* Return */}} + {{- $result | toJson }} +{{- end }} +{{- end }} + +{{/* +Deep merge like function which concats 2 slices if meets in instead of +override. This implementation takes into account that each of source and target +values can be none one of specific type or nil. + +Params: + + source : dict | slice - Merge from + target : dict | slice - Merge to + +Return: dict | slice in json format +*/}} +{{- define "metachart.mergeConcatLists" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $source := ($params.source | deepCopy) }} +{{- $target := ($params.target | deepCopy) }} +{{- /* Execution */}} +{{- $result := dict }} +{{- $keys := keys (default dict $source) (default dict $target) | uniq }} +{{- range $key := $keys }} + {{- $sourceValue := get $source $key }} + {{- $targetValue := get $target $key }} + {{- if or (kindIs "map" $sourceValue) (kindIs "map" $targetValue) }} + {{- /* Normalize types */}} + {{- if kindIs "map" $sourceValue }}{{- else }}{{- $sourceValue = dict }}{{- end }} + {{- if kindIs "map" $targetValue }}{{- else }}{{- $targetValue = dict }}{{- end }} + {{- $newValue := include "metachart.mergeConcatLists" (dict "params" (dict + "source" $sourceValue + "target" $targetValue + )) | fromJson }} + {{- $_ := set $result $key $newValue }} + {{- else if or (kindIs "slice" $sourceValue) (kindIs "slice" $targetValue) }} + {{- /* Normalize types */}} + {{- if kindIs "slice" $sourceValue }}{{- else }}{{- $sourceValue = list }}{{- end }} + {{- if kindIs "slice" $targetValue }}{{- else }}{{- $targetValue = list }}{{- end }} + {{- $newValue := concat $sourceValue $targetValue }} + {{- $_ := set $result $key $newValue }} + {{- else if hasKey $target $key }} + {{- $_ := set $result $key $targetValue }} + {{- else }} + {{- $_ := set $result $key $sourceValue }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Discover defaults for the specific kind and apply them to the resource + +Params: + + definition : dict - Resource definition + kind : string - Resource kind + +Return: dict in json format +*/}} +{{- define "metachart.setDefaults" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := ($params.definition | deepCopy) }} +{{- $kind := $params.kind }} +{{- $kindSettings := ternary (get $.Values.settings $kind) (dict) (hasKey (default dict $.Values.settings) $kind) }} +{{- /* Execution */}} +{{- $defaults := default dict $kindSettings.defaults }} +{{- include "metachart.mergeConcatLists" (dict "params" (dict + "source" $defaults + "target" $definition +)) }} +{{- end }} + +{{/* +Discover all available resources (standalone and related) of specific kind. +It takes into account: + +- If resource kind is not disable in settings +- If resource definition.enabled is not false + +Params: + + kind : string - Resource kind + +Return: dict in json format +*/}} +{{- define "metachart.discover" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $kind := $params.kind }} +{{- /* Execution */}} +{{- $result := dict }} +{{- $kindSettings := dict }} +{{- if hasKey (default dict $.Values.settings) $kind }} + {{- $kindSettings = get (default dict $.Values.settings) $kind }} +{{- end }} +{{- if not $kindSettings.disabled }} + {{- if hasKey $.Values $kind }} + {{- range $resourceName, $resourceDefinition := get $.Values $kind }} + {{- if (hasKey $resourceDefinition "enabled" | ternary $resourceDefinition.enabled true) }} + {{- $_ := set $result $resourceName $resourceDefinition}} + {{- end }} + {{- end }} + {{- end }} + {{- /* Discover related resources */}} + {{- $settingsKindAll := include "metachart.settings" $context | fromYaml | keys }} + {{- range $settingsKind := $settingsKindAll }} + {{- $resourceSettings := dict }} + {{- if hasKey (default dict $.Values.settings) $settingsKind }} + {{- $resourceSettings = get (default dict $.Values.settings) $settingsKind }} + {{- end }} + {{- if not $resourceSettings.disabled }} + {{- if hasKey $.Values $settingsKind }} + {{- range $resourceName, $resourceDefinition := get $.Values $settingsKind }} + {{- if (hasKey $resourceDefinition "enabled" | ternary $resourceDefinition.enabled true) }} + {{- $resourceRelated := default dict $resourceDefinition.related }} + {{- if hasKey $resourceRelated $kind }} + {{- range $name, $definition := get $resourceRelated $kind }} + {{- if hasKey $result $name }} + {{- fail (printf "Resource %s/%s defined in global and related scopes" $kind $name) }} + {{- else }} + {{- $patchedDefinition := $definition | deepCopy }} + {{- $_ := set $patchedDefinition "relatedComponent" (printf "%s-%s" $settingsKind $resourceName)}} + {{- $_ = set $result $name $patchedDefinition}} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Build a complete resource ready for rendering + +Params: + + name : string - Resource name as defined in the values file + kind : string - Resource kind + definition : dict - Resource definition + apiVersion : strint - Resource ApiVersion + kindCamelCase : string - Resource kind in CamelCase format + preprocess : bool - Whether the resource kind has a preprocessor + +Return: dict in json format +*/}} +{{- define "metachart.buildResource" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $name := $params.name }} +{{- $definition := $params.definition }} +{{- $apiVersion := $params.apiVersion }} +{{- $kindCamelCase := $params.kindCamelCase }} +{{- $preprocess := $params.preprocess }} +{{- $kind := $params.kind }} +{{- /* Execution */}} +{{- $component := (printf "%s-%s" $kind $name) }} +{{- $relatedComponent := $definition.relatedComponent }} +{{- $resource := dict + "apiVersion" $apiVersion + "kind" $kindCamelCase +}} +{{- $resource = merge $resource (omit ($definition | deepCopy) "enabled" "metadata" "related" "relatedComponent") }} +{{- $_ := set $resource "metadata" (include "metachart.resourceMeta" (merge (dict "params" + (dict + "definition" $definition + "name" $name + "component" $component + "relatedComponent" $relatedComponent + )) $context) | fromJson) }} +{{- /* Apply defaults */}} +{{- $resource = include "metachart.setDefaults" (merge (dict "params" + (dict + "definition" $resource + "kind" $kind + )) $context) | fromJson }} +{{- /* Preprocessing */}} +{{- $preprocessed := $resource }} +{{- if $preprocess }} + {{- $preprocessor := printf "metachart.preprocess.%s" $kind }} + {{- $preprocessed = include $preprocessor (merge (dict "params" + (dict + "definition" $resource + "name" $name + "component" $component + "relatedComponent" $relatedComponent + )) $context) | fromJson }} +{{- end }} +{{- /* Render */}} +{{- $result := include "metachart.deepRender" (merge (dict "params" (dict "data" $preprocessed)) $) | fromJson }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Render all release resources + +Return: yaml +*/}} +{{- define "metachart.renderAll" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- /* Execution */}} +{{- $kinds := (include "metachart.settings" $context) | fromYaml | keys }} +{{- $result := include "metachart.renderKinds" (merge (dict "params" + (dict + "kinds" $kinds + )) $) }} +{{- /* Return */}} +{{- $result }} +{{- end }} + +{{/* +Render specific resource kinds + +Params: + + kinds : slice - List of kinds + +Return: yaml +*/}} +{{- define "metachart.renderKinds" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $kinds := $params.kinds }} +{{- /* Execution */}} +{{- $result := "" }} +{{- range $kind := $kinds }} + {{- $settings := get (include "metachart.settings" $context | fromYaml) $kind }} + {{- range $name, $definition := (include "metachart.discover" (merge (dict "params" + (dict + "kind" $kind + )) $context) | fromJson) }} + {{- $rendered := include "metachart.buildResource" (merge (dict "params" + (dict + "kind" $kind + "apiVersion" $settings.apiVersion + "kindCamelCase" $settings.kindCamelCase + "name" $name + "definition" $definition + "preprocess" $settings.preprocess + )) $context) | fromJson | toYaml | nindent 0 }} + {{- $result = printf "%s---%s\n...\n" $result $rendered }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result }} +{{- end }} + +{{/* +Calculate checksum of resources of specific kind + +Params: + + kinds : slice - List of kinds + +Return: string +*/}} +{{- define "metachart.checksumKinds" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- /* Execution */}} +{{- $result := include "metachart.renderKinds" (merge (dict "params" + (dict + "params" $params + )) $) }} +{{- /* Return */}} +{{- $result | sha256sum }} +{{- end }} + +{{/* +Render single resource + +Params: + + name : string - Resource name as defined in the values file + kind : string - Resource kind + +Return: yaml +*/}} +{{- define "metachart.renderSingle" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $kind := $params.kind }} +{{- $name := $params.name }} +{{- /* Execution */}} +{{- $settings := get (include "metachart.settings" $context | fromYaml) $kind }} +{{- $definitionsAll := (include "metachart.discover" (merge (dict "params" + (dict + "kind" $kind + )) $context) | fromJson) }} +{{- if hasKey $definitionsAll $name }}{{- else }}{{- fail (printf "can not find resource %s/%s" $kind $name)}}{{- end }} +{{- $definition := get $definitionsAll $name }} +{{- $result := include "metachart.buildResource" (merge (dict "params" + (dict + "kind" $kind + "apiVersion" $settings.apiVersion + "kindCamelCase" $settings.kindCamelCase + "name" $name + "definition" $definition + "preprocess" $settings.preprocess + )) $context) | fromJson | toYaml | nindent 0 }} +{{- $result }} +{{- end }} + +{{/* +Calculate checksum of a specific resource + +Params: + + name : string - Resource name as defined in the values file + kind : string - Resource kind + +Return: string +*/}} +{{- define "metachart.checksumSingle" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- /* Execution */}} +{{- $result := include "metachart.renderSingle" (merge (dict "params" + (dict + "params" $params + )) $) }} +{{- /* Return */}} +{{- $result | sha256sum }} +{{- end }} diff --git a/charts/meta-external-secrets/templates/generated/_settings.tpl b/charts/meta-external-secrets/templates/generated/_settings.tpl new file mode 100644 index 0000000..5b1ad62 --- /dev/null +++ b/charts/meta-external-secrets/templates/generated/_settings.tpl @@ -0,0 +1,19 @@ +{{- /* Resources definition */}} +{{- define "metachart.settings" }} +clusterexternalsecrets: + apiVersion: external-secrets.io/v1beta1 + kindCamelCase: ExternalSecret + preprocess: false +clustersecretstores: + apiVersion: external-secrets.io/v1beta1 + kindCamelCase: ExternalSecret + preprocess: false +externalsecrets: + apiVersion: external-secrets.io/v1beta1 + kindCamelCase: ExternalSecret + preprocess: false +secretstores: + apiVersion: external-secrets.io/v1beta1 + kindCamelCase: ExternalSecret + preprocess: false +{{- end }} \ No newline at end of file diff --git a/charts/meta-external-secrets/templates/resources.yaml b/charts/meta-external-secrets/templates/resources.yaml new file mode 100644 index 0000000..017a652 --- /dev/null +++ b/charts/meta-external-secrets/templates/resources.yaml @@ -0,0 +1 @@ +{{- include "metachart.renderAll" $ }} diff --git a/charts/meta-external-secrets/values.example.yaml b/charts/meta-external-secrets/values.example.yaml new file mode 100644 index 0000000..55a7ac0 --- /dev/null +++ b/charts/meta-external-secrets/values.example.yaml @@ -0,0 +1,47 @@ +#: +#: The values file explains how the scenario from the +#: https://external-secrets.io/v0.6.1/guides/getting-started/ can be done +#: using the Chart +#: + +secretstores: + main: + spec: + provider: + aws: + service: SecretsManager + region: us-east-1 + auth: + secretRef: + #: Already existing secrets: + #: + #: kubectl create secret generic awssm-secret --from-file=./access-key --from-file=./secret-access-key + #: + accessKeyIDSecretRef: + name: awssm-secret + key: access-key + secretAccessKeySecretRef: + name: awssm-secret + key: secret-access-key + +externalsecrets: + main: + spec: + refreshInterval: 1h + secretStoreRef: + #: Reference to the previously defined `secretstores` resource + name: '{{ include "metachart.fullname" $ }}-main' + kind: SecretStore + target: + name: secret-to-be-created + creationPolicy: Owner + data: + - secretKey: secret-key-to-be-managed + remoteRef: + key: provider-key + version: provider-key-version + property: provider-key-property + dataFrom: + - extract: + key: remote-key-in-the-provider + diff --git a/charts/meta-external-secrets/values.schema.full.json b/charts/meta-external-secrets/values.schema.full.json new file mode 100644 index 0000000..2707b7b --- /dev/null +++ b/charts/meta-external-secrets/values.schema.full.json @@ -0,0 +1,2135 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": { + "io.external-secrets.apis.externalsecrets.v1beta1.AWSAuth": { + "additionalProperties": false, + "description": "AWSAuth tells the controller how to do authentication with aws. Only one of secretRef or jwt can be specified. if none is specified the controller will load credentials using the aws sdk defaults.", + "properties": { + "jwt": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSJWTAuth" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSAuthSecretRef" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AWSAuthSecretRef": { + "additionalProperties": false, + "description": "AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.", + "properties": { + "accessKeyIDSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The AccessKeyID is used for authentication" + }, + "secretAccessKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The SecretAccessKey is used for authentication" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AWSJWTAuth": { + "additionalProperties": false, + "description": "Authenticate against AWS using service account tokens.", + "properties": { + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AWSProvider": { + "additionalProperties": false, + "description": "AWSProvider configures a store to sync secrets with AWS.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSAuth", + "default": {}, + "description": "Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + }, + "region": { + "default": "", + "description": "AWS Region to be used for the provider", + "type": "string" + }, + "role": { + "description": "Role is a Role ARN which the SecretManager provider will assume", + "type": "string" + }, + "service": { + "default": "", + "description": "Service defines which service should be used to fetch the secrets", + "type": "string" + } + }, + "required": [ + "service", + "region" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuth": { + "additionalProperties": false, + "properties": { + "kubernetesAuth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessKubernetesAuth", + "description": "Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource." + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuthSecretRef", + "default": {}, + "description": "Reference to a Secret that contains the details to authenticate with Akeyless." + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuthSecretRef": { + "additionalProperties": false, + "description": "AkeylessAuthSecretRef AKEYLESS_ACCESS_TYPE_PARAM: AZURE_OBJ_ID OR GCP_AUDIENCE OR ACCESS_KEY OR KUB_CONFIG_NAME.", + "properties": { + "accessID": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The SecretAccessID is used for authentication" + }, + "accessType": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "accessTypeParam": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessKubernetesAuth": { + "additionalProperties": false, + "description": "Authenticate with Kubernetes ServiceAccount token stored.", + "properties": { + "accessID": { + "default": "", + "description": "the Akeyless Kubernetes auth-method access-id", + "type": "string" + }, + "k8sConfName": { + "default": "", + "description": "Kubernetes-auth configuration name in Akeyless-Gateway", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "description": "Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used." + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "description": "Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead." + } + }, + "required": [ + "accessID", + "k8sConfName" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessProvider": { + "additionalProperties": false, + "description": "AkeylessProvider Configures an store to sync secrets using Akeyless KV.", + "properties": { + "akeylessGWApiURL": { + "description": "Akeyless GW API Url from which the secrets to be fetched from.", + "type": "string" + }, + "authSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuth", + "description": "Auth configures how the operator authenticates with Akeyless." + } + }, + "required": [ + "akeylessGWApiURL", + "authSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuth": { + "additionalProperties": false, + "description": "AlibabaAuth contains a secretRef for credentials.", + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuthSecretRef", + "default": {} + } + }, + "required": [ + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuthSecretRef": { + "additionalProperties": false, + "description": "AlibabaAuthSecretRef holds secret references for Alibaba credentials.", + "properties": { + "accessKeyIDSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The AccessKeyID is used for authentication" + }, + "accessKeySecretSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The AccessKeySecret is used for authentication" + } + }, + "required": [ + "accessKeyIDSecretRef", + "accessKeySecretSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AlibabaProvider": { + "additionalProperties": false, + "description": "AlibabaProvider configures a store to sync secrets using the Alibaba Secret Manager provider.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuth" + }, + "endpoint": { + "default": "", + "type": "string" + }, + "regionID": { + "default": "", + "description": "Alibaba Region to be used for the provider", + "type": "string" + } + }, + "required": [ + "auth", + "regionID" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AzureKVAuth": { + "additionalProperties": false, + "description": "Configuration used to authenticate with Azure.", + "properties": { + "clientId": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "description": "The Azure clientId of the service principle used for authentication." + }, + "clientSecret": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "description": "The Azure ClientSecret of the service principle used for authentication." + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AzureKVProvider": { + "additionalProperties": false, + "description": "Configures an store to sync secrets using Azure KV.", + "properties": { + "authSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AzureKVAuth", + "description": "Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type." + }, + "authType": { + "description": "Auth type defines how to authenticate to the keyvault service. Valid values are: - \"ServicePrincipal\" (default): Using a service principal (tenantId, clientId, clientSecret) - \"ManagedIdentity\": Using Managed Identity assigned to the pod (see aad-pod-identity)", + "type": "string" + }, + "environmentType": { + "description": "EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud", + "type": "string" + }, + "identityId": { + "description": "If multiple Managed Identity is assigned to the pod, you can select the one to be used", + "type": "string" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "description": "ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity." + }, + "tenantId": { + "description": "TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.", + "type": "string" + }, + "vaultUrl": { + "description": "Vault Url from which the secrets to be fetched from.", + "type": "string" + } + }, + "required": [ + "vaultUrl" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.CAProvider": { + "additionalProperties": false, + "description": "Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.", + "properties": { + "key": { + "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "type": "string" + }, + "name": { + "default": "", + "description": "The name of the object located at the provider type.", + "type": "string" + }, + "namespace": { + "description": "The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.", + "type": "string" + }, + "type": { + "default": "", + "description": "The type of provider to use such as \"Secret\", or \"ConfigMap\".", + "type": "string" + } + }, + "required": [ + "type", + "name" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.CertAuth": { + "additionalProperties": false, + "properties": { + "clientCert": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "clientKey": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecretSpec": { + "additionalProperties": false, + "description": "ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret.", + "properties": { + "externalSecretName": { + "default": "", + "description": "The name of the external secrets to be created defaults to the name of the ClusterExternalSecret", + "type": "string" + }, + "externalSecretSpec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretSpec", + "default": {}, + "description": "The spec for the ExternalSecrets to be created" + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "default": {}, + "description": "The labels to select by to find the Namespaces to create the ExternalSecrets in." + }, + "refreshTime": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration", + "description": "The time in which the controller should reconcile it's objects and recheck namespaces for labels." + } + }, + "required": [ + "externalSecretSpec", + "namespaceSelector" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStoreCondition": { + "additionalProperties": false, + "description": "ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance.", + "properties": { + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "Choose namespace using a labelSelector" + }, + "namespaces": { + "description": "Choose namespaces by name", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuthSecretRef", + "default": {} + } + }, + "required": [ + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuthSecretRef": { + "additionalProperties": false, + "properties": { + "dopplerToken": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified." + } + }, + "required": [ + "dopplerToken" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.DopplerProvider": { + "additionalProperties": false, + "description": "DopplerProvider configures a store to sync secrets using the Doppler provider. Project and Config are required if not using a Service Token.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuth", + "description": "Auth configures how the Operator authenticates with the Doppler API" + }, + "config": { + "description": "Doppler config (required if not using a Service Token)", + "type": "string" + }, + "format": { + "description": "Format enables the downloading of secrets as a file (string)", + "type": "string" + }, + "nameTransformer": { + "description": "Environment variable compatible name transforms that change secret names to a different format", + "type": "string" + }, + "project": { + "description": "Doppler project (required if not using a Service Token)", + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretData": { + "additionalProperties": false, + "description": "ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.\u003ckey\u003e) and the Provider data.", + "properties": { + "remoteRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataRemoteRef", + "default": {} + }, + "secretKey": { + "default": "", + "type": "string" + } + }, + "required": [ + "secretKey", + "remoteRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataFromRemoteRef": { + "additionalProperties": false, + "properties": { + "extract": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataRemoteRef", + "description": "Used to extract multiple key/value pairs from one secret" + }, + "find": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretFind", + "description": "Used to find secrets based on tags or regular expressions" + }, + "rewrite": { + "description": "Used to rewrite secret Keys after getting them from the secret Provider Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)", + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewrite", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataRemoteRef": { + "additionalProperties": false, + "description": "ExternalSecretDataRemoteRef defines Provider data location.", + "properties": { + "conversionStrategy": { + "description": "Used to define a conversion Strategy", + "type": "string" + }, + "decodingStrategy": { + "description": "Used to define a decoding Strategy", + "type": "string" + }, + "key": { + "default": "", + "description": "Key is the key used in the Provider, mandatory", + "type": "string" + }, + "metadataPolicy": { + "description": "Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None", + "type": "string" + }, + "property": { + "description": "Used to select a specific property of the Provider value (if a map), if supported", + "type": "string" + }, + "version": { + "description": "Used to select a specific version of the Provider value, if supported", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretFind": { + "additionalProperties": false, + "properties": { + "conversionStrategy": { + "description": "Used to define a conversion Strategy", + "type": "string" + }, + "decodingStrategy": { + "description": "Used to define a decoding Strategy", + "type": "string" + }, + "name": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.FindName", + "description": "Finds secrets based on the name." + }, + "path": { + "description": "A root path to start the find operations.", + "type": "string" + }, + "tags": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Find secrets based on tags.", + "type": "object" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewrite": { + "additionalProperties": false, + "properties": { + "regexp": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewriteRegexp", + "description": "Used to rewrite with regular expressions. The resulting key will be the output of a regexp.ReplaceAll operation." + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewriteRegexp": { + "additionalProperties": false, + "properties": { + "source": { + "default": "", + "description": "Used to define the regular expression of a re.Compiler.", + "type": "string" + }, + "target": { + "default": "", + "description": "Used to define the target pattern of a ReplaceAll operation.", + "type": "string" + } + }, + "required": [ + "source", + "target" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretSpec": { + "additionalProperties": false, + "description": "ExternalSecretSpec defines the desired state of ExternalSecret.", + "properties": { + "data": { + "description": "Data defines the connection between the Kubernetes Secret keys and the Provider data", + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretData", + "default": {} + }, + "type": "array" + }, + "dataFrom": { + "description": "DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order", + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataFromRemoteRef", + "default": {} + }, + "type": "array" + }, + "refreshInterval": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration", + "description": "RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\" May be set to zero to fetch and create it once. Defaults to 1h." + }, + "secretStoreRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRef", + "default": {} + }, + "target": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTarget", + "default": {} + } + }, + "required": [ + "secretStoreRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTarget": { + "additionalProperties": false, + "description": "ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.", + "properties": { + "creationPolicy": { + "description": "CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'", + "type": "string" + }, + "deletionPolicy": { + "description": "DeletionPolicy defines rules on how to delete the resulting Secret Defaults to 'Retain'", + "type": "string" + }, + "immutable": { + "description": "Immutable defines if the final secret will be immutable", + "type": "boolean" + }, + "name": { + "description": "Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource", + "type": "string" + }, + "template": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplate", + "description": "Template defines a blueprint for the created Secret resource." + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplate": { + "additionalProperties": false, + "description": "ExternalSecretTemplate defines a blueprint for the created Secret resource. we can not use native corev1.Secret, it will have empty ObjectMeta values: https://github.com/kubernetes-sigs/controller-tools/issues/448", + "properties": { + "data": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "engineVersion": { + "type": "string" + }, + "metadata": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplateMetadata", + "default": {} + }, + "templateFrom": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateFrom", + "default": {} + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplateMetadata": { + "additionalProperties": false, + "description": "ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.", + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.FakeProvider": { + "additionalProperties": false, + "description": "FakeProvider configures a fake provider that returns static values.", + "properties": { + "data": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.FakeProviderData", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.FakeProviderData": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string" + }, + "value": { + "type": "string" + }, + "valueMap": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.FindName": { + "additionalProperties": false, + "properties": { + "regexp": { + "description": "Finds secrets base", + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuthSecretRef" + }, + "workloadIdentity": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPWorkloadIdentity" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuthSecretRef": { + "additionalProperties": false, + "properties": { + "secretAccessKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The SecretAccessKey is used for authentication" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPSMProvider": { + "additionalProperties": false, + "description": "GCPSMProvider Configures a store to sync secrets using the GCP Secret Manager provider.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuth", + "default": {}, + "description": "Auth defines the information necessary to authenticate against GCP" + }, + "projectID": { + "description": "ProjectID project where secret is located", + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPWorkloadIdentity": { + "additionalProperties": false, + "properties": { + "clusterLocation": { + "default": "", + "type": "string" + }, + "clusterName": { + "default": "", + "type": "string" + }, + "clusterProjectID": { + "type": "string" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "default": {} + } + }, + "required": [ + "serviceAccountRef", + "clusterLocation", + "clusterName" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GitlabAuth": { + "additionalProperties": false, + "properties": { + "SecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GitlabSecretRef", + "default": {} + } + }, + "required": [ + "SecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GitlabProvider": { + "additionalProperties": false, + "description": "Configures a store to sync secrets with a GitLab instance.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GitlabAuth", + "default": {}, + "description": "Auth configures how secret-manager authenticates with a GitLab instance." + }, + "environment": { + "description": "Environment environment_scope of gitlab CI/CD variables (Please see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment on how to create environments)", + "type": "string" + }, + "projectID": { + "description": "ProjectID specifies a project where secrets are located.", + "type": "string" + }, + "url": { + "description": "URL configures the GitLab instance URL. Defaults to https://gitlab.com/.", + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GitlabSecretRef": { + "additionalProperties": false, + "properties": { + "accessToken": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "AccessToken is used for authentication." + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMAuth": { + "additionalProperties": false, + "properties": { + "containerAuth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthContainerAuth", + "default": {} + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthSecretRef", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthContainerAuth": { + "additionalProperties": false, + "description": "IBM Container-based auth with IAM Trusted Profile.", + "properties": { + "iamEndpoint": { + "type": "string" + }, + "profile": { + "default": "", + "description": "the IBM Trusted Profile", + "type": "string" + }, + "tokenLocation": { + "description": "Location the token is mounted on the pod", + "type": "string" + } + }, + "required": [ + "profile" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthSecretRef": { + "additionalProperties": false, + "properties": { + "secretApiKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The SecretAccessKey is used for authentication" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMProvider": { + "additionalProperties": false, + "description": "Configures an store to sync secrets using a IBM Cloud Secrets Manager backend.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMAuth", + "default": {}, + "description": "Auth configures how secret-manager authenticates with the IBM secrets manager." + }, + "serviceUrl": { + "description": "ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance", + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.KubernetesAuth": { + "additionalProperties": false, + "properties": { + "cert": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.CertAuth", + "description": "has both clientCert and clientKey as secretKeySelector" + }, + "serviceAccount": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "description": "points to a service account that should be used for authentication" + }, + "token": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TokenAuth", + "description": "use static token to authenticate with" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.KubernetesProvider": { + "additionalProperties": false, + "description": "Configures a store to sync secrets with a Kubernetes instance.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.KubernetesAuth", + "default": {}, + "description": "Auth configures how secret-manager authenticates with a Kubernetes instance." + }, + "remoteNamespace": { + "default": "", + "description": "Remote namespace to fetch the secrets from", + "type": "string" + }, + "server": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.KubernetesServer", + "default": {}, + "description": "configures the Kubernetes server Address." + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.KubernetesServer": { + "additionalProperties": false, + "properties": { + "caBundle": { + "description": "CABundle is a base64-encoded CA certificate", + "format": "byte", + "type": "string" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.CAProvider", + "description": "see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider" + }, + "url": { + "description": "configures the Kubernetes server Address.", + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuth": { + "additionalProperties": false, + "description": "OnePasswordAuth contains a secretRef for credentials.", + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuthSecretRef" + } + }, + "required": [ + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuthSecretRef": { + "additionalProperties": false, + "description": "OnePasswordAuthSecretRef holds secret references for 1Password credentials.", + "properties": { + "connectTokenSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The ConnectToken is used for authentication to a 1Password Connect Server." + } + }, + "required": [ + "connectTokenSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordProvider": { + "additionalProperties": false, + "description": "OnePasswordProvider configures a store to sync secrets using the 1Password Secret Manager provider.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuth", + "description": "Auth defines the information necessary to authenticate against OnePassword Connect Server" + }, + "connectHost": { + "default": "", + "description": "ConnectHost defines the OnePassword Connect Server to connect to", + "type": "string" + }, + "vaults": { + "additionalProperties": { + "default": 0, + "format": "int32", + "type": "integer" + }, + "description": "Vaults defines which OnePassword vaults to search in which order", + "type": "object" + } + }, + "required": [ + "auth", + "connectHost", + "vaults" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OracleAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OracleSecretRef", + "default": {}, + "description": "SecretRef to pass through sensitive information." + }, + "tenancy": { + "default": "", + "description": "Tenancy is the tenancy OCID where user is located.", + "type": "string" + }, + "user": { + "default": "", + "description": "User is an access OCID specific to the account.", + "type": "string" + } + }, + "required": [ + "tenancy", + "user", + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OracleProvider": { + "additionalProperties": false, + "description": "Configures an store to sync secrets using a Oracle Vault backend.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OracleAuth", + "description": "Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth." + }, + "region": { + "default": "", + "description": "Region is the region where vault is located.", + "type": "string" + }, + "vault": { + "default": "", + "description": "Vault is the vault's OCID of the specific vault where secret is located.", + "type": "string" + } + }, + "required": [ + "region", + "vault" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OracleSecretRef": { + "additionalProperties": false, + "properties": { + "fingerprint": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "Fingerprint is the fingerprint of the API private key." + }, + "privatekey": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "PrivateKey is the user's API Signing Key in PEM format, used for authentication." + } + }, + "required": [ + "privatekey", + "fingerprint" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreProvider": { + "additionalProperties": false, + "description": "SecretStoreProvider contains the provider-specific configuration.", + "properties": { + "akeyless": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessProvider", + "description": "Akeyless configures this store to sync secrets using Akeyless Vault provider" + }, + "alibaba": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AlibabaProvider", + "description": "Alibaba configures this store to sync secrets using Alibaba Cloud provider" + }, + "aws": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSProvider", + "description": "AWS configures this store to sync secrets using AWS Secret Manager provider" + }, + "azurekv": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AzureKVProvider", + "description": "AzureKV configures this store to sync secrets using Azure Key Vault provider" + }, + "doppler": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.DopplerProvider", + "description": "Doppler configures this store to sync secrets using the Doppler provider" + }, + "fake": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.FakeProvider", + "description": "Fake configures a store with static key/value pairs" + }, + "gcpsm": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPSMProvider", + "description": "GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider" + }, + "gitlab": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GitlabProvider", + "description": "Gitlab configures this store to sync secrets using Gitlab Variables provider" + }, + "ibm": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMProvider", + "description": "IBM configures this store to sync secrets using IBM Cloud provider" + }, + "kubernetes": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.KubernetesProvider", + "description": "Kubernetes configures this store to sync secrets using a Kubernetes cluster provider" + }, + "onepassword": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordProvider", + "description": "OnePassword configures this store to sync secrets using the 1Password Cloud provider" + }, + "oracle": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OracleProvider", + "description": "Oracle configures this store to sync secrets using Oracle Vault provider" + }, + "senhasegura": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraProvider", + "description": "Senhasegura configures this store to sync secrets using senhasegura provider" + }, + "vault": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultProvider", + "description": "Vault configures this store to sync secrets using Hashi provider" + }, + "webhook": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookProvider", + "description": "Webhook configures this store to sync secrets using a generic templated webhook" + }, + "yandexcertificatemanager": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerProvider", + "description": "YandexCertificateManager configures this store to sync secrets using Yandex Certificate Manager provider" + }, + "yandexlockbox": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxProvider", + "description": "YandexLockbox configures this store to sync secrets using Yandex Lockbox provider" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRef": { + "additionalProperties": false, + "description": "SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.", + "properties": { + "kind": { + "description": "Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the SecretStore resource", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRetrySettings": { + "additionalProperties": false, + "properties": { + "maxRetries": { + "format": "int32", + "type": "integer" + }, + "retryInterval": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreSpec": { + "additionalProperties": false, + "description": "SecretStoreSpec defines the desired state of SecretStore.", + "properties": { + "conditions": { + "description": "Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore", + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStoreCondition", + "default": {} + }, + "type": "array" + }, + "controller": { + "default": "", + "description": "Used to select the correct KES controller (think: ingress.ingressClassName) The KES controller is instantiated with a specific controller name and filters ES based on this property", + "type": "string" + }, + "provider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreProvider", + "description": "Used to configure the provider. Only one provider may be set" + }, + "refreshInterval": { + "default": 0, + "description": "Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.", + "format": "int32", + "type": "integer" + }, + "retrySettings": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRetrySettings", + "description": "Used to configure http retries if failed" + } + }, + "required": [ + "provider" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraAuth": { + "additionalProperties": false, + "description": "SenhaseguraAuth tells the controller how to do auth in senhasegura.", + "properties": { + "clientId": { + "default": "", + "type": "string" + }, + "clientSecretSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "clientId", + "clientSecretSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraProvider": { + "additionalProperties": false, + "description": "SenhaseguraProvider setup a store to sync secrets with senhasegura.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraAuth", + "default": {}, + "description": "Auth defines parameters to authenticate in senhasegura" + }, + "ignoreSslCertificate": { + "description": "IgnoreSslCertificate defines if SSL certificate must be ignored", + "type": "boolean" + }, + "module": { + "default": "", + "description": "Module defines which senhasegura module should be used to get secrets", + "type": "string" + }, + "url": { + "default": "", + "description": "URL of senhasegura", + "type": "string" + } + }, + "required": [ + "url", + "module", + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TemplateFrom": { + "additionalProperties": false, + "properties": { + "configMap": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateRef" + }, + "secret": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateRef" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TemplateRef": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateRefItem", + "default": {} + }, + "type": "array" + }, + "name": { + "default": "", + "type": "string" + } + }, + "required": [ + "name", + "items" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TemplateRefItem": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TokenAuth": { + "additionalProperties": false, + "properties": { + "bearerToken": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultAppRole": { + "additionalProperties": false, + "description": "VaultAppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.", + "properties": { + "path": { + "default": "", + "description": "Path where the App Role authentication backend is mounted in Vault, e.g: \"approle\"", + "type": "string" + }, + "roleId": { + "default": "", + "description": "RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret." + } + }, + "required": [ + "path", + "roleId", + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultAuth": { + "additionalProperties": false, + "description": "VaultAuth is the configuration used to authenticate with a Vault server. Only one of `tokenSecretRef`, `appRole`, `kubernetes`, `ldap`, `jwt` or `cert` can be specified.", + "properties": { + "appRole": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultAppRole", + "description": "AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource." + }, + "cert": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultCertAuth", + "description": "Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method" + }, + "jwt": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultJwtAuth", + "description": "Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method" + }, + "kubernetes": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesAuth", + "description": "Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server." + }, + "ldap": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultLdapAuth", + "description": "Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method" + }, + "tokenSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "description": "TokenSecretRef authenticates with Vault by presenting a token." + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultCertAuth": { + "additionalProperties": false, + "description": "VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication method, with the role name and token stored in a Kubernetes Secret resource.", + "properties": { + "clientCert": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "ClientCert is a certificate to authenticate using the Cert Vault authentication method" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultJwtAuth": { + "additionalProperties": false, + "description": "VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication method, with the role name and a token stored in a Kubernetes Secret resource or a Kubernetes service account token retrieved via `TokenRequest`.", + "properties": { + "kubernetesServiceAccountToken": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesServiceAccountTokenAuth", + "description": "Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API." + }, + "path": { + "default": "", + "description": "Path where the JWT authentication backend is mounted in Vault, e.g: \"jwt\"", + "type": "string" + }, + "role": { + "default": "", + "description": "Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "description": "Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method." + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesAuth": { + "additionalProperties": false, + "description": "Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.", + "properties": { + "mountPath": { + "default": "", + "description": "Path where the Kubernetes authentication backend is mounted in Vault, e.g: \"kubernetes\"", + "type": "string" + }, + "role": { + "default": "", + "description": "A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "description": "Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used." + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "description": "Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead." + } + }, + "required": [ + "mountPath", + "role" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesServiceAccountTokenAuth": { + "additionalProperties": false, + "description": "VaultKubernetesServiceAccountTokenAuth authenticates with Vault using a temporary Kubernetes service account token retrieved by the `TokenRequest` API.", + "properties": { + "audiences": { + "description": "Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "expirationSeconds": { + "description": "Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.", + "format": "int64", + "type": "integer" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "default": {}, + "description": "Service account field containing the name of a kubernetes ServiceAccount." + } + }, + "required": [ + "serviceAccountRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultLdapAuth": { + "additionalProperties": false, + "description": "VaultLdapAuth authenticates with Vault using the LDAP authentication method, with the username and password stored in a Kubernetes Secret resource.", + "properties": { + "path": { + "default": "", + "description": "Path where the LDAP authentication backend is mounted in Vault, e.g: \"ldap\"", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method" + }, + "username": { + "default": "", + "description": "Username is a LDAP user name used to authenticate using the LDAP Vault authentication method", + "type": "string" + } + }, + "required": [ + "path", + "username" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultProvider": { + "additionalProperties": false, + "description": "Configures an store to sync secrets using a HashiCorp Vault KV backend.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultAuth", + "default": {}, + "description": "Auth configures how secret-manager authenticates with the Vault server." + }, + "caBundle": { + "description": "PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.", + "format": "byte", + "type": "string" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.CAProvider", + "description": "The provider for the CA bundle to use to validate Vault server certificate." + }, + "forwardInconsistent": { + "description": "ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header", + "type": "boolean" + }, + "namespace": { + "description": "Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: \"ns1\". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces", + "type": "string" + }, + "path": { + "description": "Path is the mount path of the Vault KV backend endpoint, e.g: \"secret\". The v2 KV secret engine version specific \"/data\" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.", + "type": "string" + }, + "readYourWrites": { + "description": "ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency", + "type": "boolean" + }, + "server": { + "default": "", + "description": "Server is the connection address for the Vault server, e.g: \"https://vault.example.com:8200\".", + "type": "string" + }, + "version": { + "default": "", + "description": "Version is the Vault KV secret engine version. This can be either \"v1\" or \"v2\". Version defaults to \"v2\".", + "type": "string" + } + }, + "required": [ + "auth", + "server", + "version" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookCAProvider": { + "additionalProperties": false, + "description": "Defines a location to fetch the cert for the webhook provider from.", + "properties": { + "key": { + "description": "The key the value inside of the provider type to use, only used with \"Secret\" type", + "type": "string" + }, + "name": { + "default": "", + "description": "The name of the object located at the provider type.", + "type": "string" + }, + "namespace": { + "description": "The namespace the Provider type is in.", + "type": "string" + }, + "type": { + "default": "", + "description": "The type of provider to use such as \"Secret\", or \"ConfigMap\".", + "type": "string" + } + }, + "required": [ + "type", + "name" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookProvider": { + "additionalProperties": false, + "description": "AkeylessProvider Configures an store to sync secrets using Akeyless KV.", + "properties": { + "body": { + "description": "Body", + "type": "string" + }, + "caBundle": { + "description": "PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.", + "format": "byte", + "type": "string" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookCAProvider", + "description": "The provider for the CA bundle to use to validate webhook server certificate." + }, + "headers": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Headers", + "type": "object" + }, + "method": { + "description": "Webhook Method", + "type": "string" + }, + "result": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookResult", + "default": {}, + "description": "Result formatting" + }, + "secrets": { + "description": "Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name", + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookSecret", + "default": {} + }, + "type": "array" + }, + "timeout": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration", + "description": "Timeout" + }, + "url": { + "default": "", + "description": "Webhook url to call", + "type": "string" + } + }, + "required": [ + "url", + "result" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookResult": { + "additionalProperties": false, + "properties": { + "jsonPath": { + "description": "Json path of return value", + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookSecret": { + "additionalProperties": false, + "properties": { + "name": { + "default": "", + "description": "Name of this secret in templates", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "Secret ref to fill in credentials" + } + }, + "required": [ + "name", + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerAuth": { + "additionalProperties": false, + "properties": { + "authorizedKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The authorized key used for authentication" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerCAProvider": { + "additionalProperties": false, + "properties": { + "certSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerProvider": { + "additionalProperties": false, + "description": "YandexCertificateManagerProvider Configures a store to sync secrets using the Yandex Certificate Manager provider.", + "properties": { + "apiEndpoint": { + "description": "Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')", + "type": "string" + }, + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerAuth", + "default": {}, + "description": "Auth defines the information necessary to authenticate against Yandex Certificate Manager" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerCAProvider", + "description": "The provider for the CA bundle to use to validate Yandex.Cloud server certificate." + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxAuth": { + "additionalProperties": false, + "properties": { + "authorizedKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The authorized key used for authentication" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxCAProvider": { + "additionalProperties": false, + "properties": { + "certSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxProvider": { + "additionalProperties": false, + "description": "YandexLockboxProvider Configures a store to sync secrets using the Yandex Lockbox provider.", + "properties": { + "apiEndpoint": { + "description": "Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')", + "type": "string" + }, + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxAuth", + "default": {}, + "description": "Auth defines the information necessary to authenticate against Yandex Lockbox" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxCAProvider", + "description": "The provider for the CA bundle to use to validate Yandex.Cloud server certificate." + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.meta.v1.SecretKeySelector": { + "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.", + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.meta.v1.ServiceAccountSelector": { + "additionalProperties": false, + "description": "A reference to a ServiceAccount resource.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "name": { + "default": "", + "description": "The name of the ServiceAccount resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Duration": { + "description": "Duration is a wrapper around time.Duration which supports correct marshaling to YAML and JSON. In particular, it marshals into strings, which can be used as map keys in json.", + "type": "string" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector": { + "additionalProperties": false, + "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement", + "default": {} + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { + "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "default": "", + "description": "key is the label key that the selector applies to.", + "type": "string", + "x-kubernetes-patch-merge-key": "key", + "x-kubernetes-patch-strategy": "merge" + }, + "operator": { + "default": "", + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret": { + "additionalProperties": false, + "description": "ClusterExternalSecret is the Schema for the clusterexternalsecrets API.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecretSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore": { + "additionalProperties": false, + "description": "ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret": { + "additionalProperties": false, + "description": "ExternalSecret is the Schema for the external-secrets API.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore": { + "additionalProperties": false, + "description": "SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.meta.v1.ObjectMeta": { + "additionalProperties": false, + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "finalizers": { + "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-patch-strategy": "merge" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "namespace": { + "description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", + "type": "string" + } + }, + "type": "object" + }, + "metachart.interface.FQDNitem": { + "pattern": "^[a-z][0-9a-z]*(-[0-9a-z]+)*$", + "type": "string" + }, + "metachart.interface.boolean": { + "type": "boolean" + } + }, + "properties": { + "clusterexternalsecrets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret" + } + }, + "type": "object" + }, + "clustersecretstores": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore" + } + }, + "type": "object" + }, + "context": { + "description": "Any content which can be used for config rendering without schema defined by the chart", + "type": "object" + }, + "externalsecrets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret" + } + }, + "type": "object" + }, + "fullnameOverride": { + "anyOf": [ + { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + { + "type": "null" + } + ] + }, + "secretstores": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore" + } + }, + "type": "object" + }, + "settings": { + "additionalProperties": false, + "properties": { + "clusterexternalsecrets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "clustersecretstores": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "externalsecrets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "global": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "secretstores": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + } +} \ No newline at end of file diff --git a/charts/meta-external-secrets/values.schema.json b/charts/meta-external-secrets/values.schema.json new file mode 100644 index 0000000..b5c8ee6 --- /dev/null +++ b/charts/meta-external-secrets/values.schema.json @@ -0,0 +1,1871 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": { + "io.external-secrets.apis.externalsecrets.v1beta1.AWSAuth": { + "additionalProperties": false, + "properties": { + "jwt": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSJWTAuth" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSAuthSecretRef" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AWSAuthSecretRef": { + "additionalProperties": false, + "properties": { + "accessKeyIDSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "secretAccessKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AWSJWTAuth": { + "additionalProperties": false, + "properties": { + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AWSProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSAuth", + "default": {} + }, + "region": { + "default": "", + "type": "string" + }, + "role": { + "type": "string" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "service", + "region" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuth": { + "additionalProperties": false, + "properties": { + "kubernetesAuth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessKubernetesAuth" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuthSecretRef", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuthSecretRef": { + "additionalProperties": false, + "properties": { + "accessID": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "accessType": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "accessTypeParam": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessKubernetesAuth": { + "additionalProperties": false, + "properties": { + "accessID": { + "default": "", + "type": "string" + }, + "k8sConfName": { + "default": "", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector" + } + }, + "required": [ + "accessID", + "k8sConfName" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessProvider": { + "additionalProperties": false, + "properties": { + "akeylessGWApiURL": { + "type": "string" + }, + "authSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuth" + } + }, + "required": [ + "akeylessGWApiURL", + "authSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuthSecretRef", + "default": {} + } + }, + "required": [ + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuthSecretRef": { + "additionalProperties": false, + "properties": { + "accessKeyIDSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "accessKeySecretSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "accessKeyIDSecretRef", + "accessKeySecretSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AlibabaProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuth" + }, + "endpoint": { + "default": "", + "type": "string" + }, + "regionID": { + "default": "", + "type": "string" + } + }, + "required": [ + "auth", + "regionID" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AzureKVAuth": { + "additionalProperties": false, + "properties": { + "clientId": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector" + }, + "clientSecret": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AzureKVProvider": { + "additionalProperties": false, + "properties": { + "authSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AzureKVAuth" + }, + "authType": { + "type": "string" + }, + "environmentType": { + "type": "string" + }, + "identityId": { + "type": "string" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector" + }, + "tenantId": { + "type": "string" + }, + "vaultUrl": { + "type": "string" + } + }, + "required": [ + "vaultUrl" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.CAProvider": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "namespace": { + "type": "string" + }, + "type": { + "default": "", + "type": "string" + } + }, + "required": [ + "type", + "name" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.CertAuth": { + "additionalProperties": false, + "properties": { + "clientCert": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "clientKey": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecretSpec": { + "additionalProperties": false, + "properties": { + "externalSecretName": { + "default": "", + "type": "string" + }, + "externalSecretSpec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretSpec", + "default": {} + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "default": {} + }, + "refreshTime": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + } + }, + "required": [ + "externalSecretSpec", + "namespaceSelector" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStoreCondition": { + "additionalProperties": false, + "properties": { + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "namespaces": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuthSecretRef", + "default": {} + } + }, + "required": [ + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuthSecretRef": { + "additionalProperties": false, + "properties": { + "dopplerToken": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "dopplerToken" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.DopplerProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuth" + }, + "config": { + "type": "string" + }, + "format": { + "type": "string" + }, + "nameTransformer": { + "type": "string" + }, + "project": { + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretData": { + "additionalProperties": false, + "properties": { + "remoteRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataRemoteRef", + "default": {} + }, + "secretKey": { + "default": "", + "type": "string" + } + }, + "required": [ + "secretKey", + "remoteRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataFromRemoteRef": { + "additionalProperties": false, + "properties": { + "extract": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataRemoteRef" + }, + "find": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretFind" + }, + "rewrite": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewrite", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataRemoteRef": { + "additionalProperties": false, + "properties": { + "conversionStrategy": { + "type": "string" + }, + "decodingStrategy": { + "type": "string" + }, + "key": { + "default": "", + "type": "string" + }, + "metadataPolicy": { + "type": "string" + }, + "property": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretFind": { + "additionalProperties": false, + "properties": { + "conversionStrategy": { + "type": "string" + }, + "decodingStrategy": { + "type": "string" + }, + "name": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.FindName" + }, + "path": { + "type": "string" + }, + "tags": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewrite": { + "additionalProperties": false, + "properties": { + "regexp": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewriteRegexp" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewriteRegexp": { + "additionalProperties": false, + "properties": { + "source": { + "default": "", + "type": "string" + }, + "target": { + "default": "", + "type": "string" + } + }, + "required": [ + "source", + "target" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretSpec": { + "additionalProperties": false, + "properties": { + "data": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretData", + "default": {} + }, + "type": "array" + }, + "dataFrom": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataFromRemoteRef", + "default": {} + }, + "type": "array" + }, + "refreshInterval": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "secretStoreRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRef", + "default": {} + }, + "target": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTarget", + "default": {} + } + }, + "required": [ + "secretStoreRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTarget": { + "additionalProperties": false, + "properties": { + "creationPolicy": { + "type": "string" + }, + "deletionPolicy": { + "type": "string" + }, + "immutable": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplate" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplate": { + "additionalProperties": false, + "properties": { + "data": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "engineVersion": { + "type": "string" + }, + "metadata": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplateMetadata", + "default": {} + }, + "templateFrom": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateFrom", + "default": {} + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplateMetadata": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.FakeProvider": { + "additionalProperties": false, + "properties": { + "data": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.FakeProviderData", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.FakeProviderData": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string" + }, + "value": { + "type": "string" + }, + "valueMap": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.FindName": { + "additionalProperties": false, + "properties": { + "regexp": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuthSecretRef" + }, + "workloadIdentity": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPWorkloadIdentity" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuthSecretRef": { + "additionalProperties": false, + "properties": { + "secretAccessKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPSMProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuth", + "default": {} + }, + "projectID": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPWorkloadIdentity": { + "additionalProperties": false, + "properties": { + "clusterLocation": { + "default": "", + "type": "string" + }, + "clusterName": { + "default": "", + "type": "string" + }, + "clusterProjectID": { + "type": "string" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "default": {} + } + }, + "required": [ + "serviceAccountRef", + "clusterLocation", + "clusterName" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GitlabAuth": { + "additionalProperties": false, + "properties": { + "SecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GitlabSecretRef", + "default": {} + } + }, + "required": [ + "SecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GitlabProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GitlabAuth", + "default": {} + }, + "environment": { + "type": "string" + }, + "projectID": { + "type": "string" + }, + "url": { + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GitlabSecretRef": { + "additionalProperties": false, + "properties": { + "accessToken": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMAuth": { + "additionalProperties": false, + "properties": { + "containerAuth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthContainerAuth", + "default": {} + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthSecretRef", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthContainerAuth": { + "additionalProperties": false, + "properties": { + "iamEndpoint": { + "type": "string" + }, + "profile": { + "default": "", + "type": "string" + }, + "tokenLocation": { + "type": "string" + } + }, + "required": [ + "profile" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthSecretRef": { + "additionalProperties": false, + "properties": { + "secretApiKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMAuth", + "default": {} + }, + "serviceUrl": { + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.KubernetesAuth": { + "additionalProperties": false, + "properties": { + "cert": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.CertAuth" + }, + "serviceAccount": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector" + }, + "token": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TokenAuth" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.KubernetesProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.KubernetesAuth", + "default": {} + }, + "remoteNamespace": { + "default": "", + "type": "string" + }, + "server": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.KubernetesServer", + "default": {} + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.KubernetesServer": { + "additionalProperties": false, + "properties": { + "caBundle": { + "format": "byte", + "type": "string" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.CAProvider" + }, + "url": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuthSecretRef" + } + }, + "required": [ + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuthSecretRef": { + "additionalProperties": false, + "properties": { + "connectTokenSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "connectTokenSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuth" + }, + "connectHost": { + "default": "", + "type": "string" + }, + "vaults": { + "additionalProperties": { + "default": 0, + "format": "int32", + "type": "integer" + }, + "type": "object" + } + }, + "required": [ + "auth", + "connectHost", + "vaults" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OracleAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OracleSecretRef", + "default": {} + }, + "tenancy": { + "default": "", + "type": "string" + }, + "user": { + "default": "", + "type": "string" + } + }, + "required": [ + "tenancy", + "user", + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OracleProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OracleAuth" + }, + "region": { + "default": "", + "type": "string" + }, + "vault": { + "default": "", + "type": "string" + } + }, + "required": [ + "region", + "vault" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OracleSecretRef": { + "additionalProperties": false, + "properties": { + "fingerprint": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "privatekey": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "privatekey", + "fingerprint" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreProvider": { + "additionalProperties": false, + "properties": { + "akeyless": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessProvider" + }, + "alibaba": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AlibabaProvider" + }, + "aws": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSProvider" + }, + "azurekv": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AzureKVProvider" + }, + "doppler": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.DopplerProvider" + }, + "fake": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.FakeProvider" + }, + "gcpsm": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPSMProvider" + }, + "gitlab": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GitlabProvider" + }, + "ibm": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMProvider" + }, + "kubernetes": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.KubernetesProvider" + }, + "onepassword": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordProvider" + }, + "oracle": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OracleProvider" + }, + "senhasegura": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraProvider" + }, + "vault": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultProvider" + }, + "webhook": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookProvider" + }, + "yandexcertificatemanager": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerProvider" + }, + "yandexlockbox": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxProvider" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRef": { + "additionalProperties": false, + "properties": { + "kind": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRetrySettings": { + "additionalProperties": false, + "properties": { + "maxRetries": { + "format": "int32", + "type": "integer" + }, + "retryInterval": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreSpec": { + "additionalProperties": false, + "properties": { + "conditions": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStoreCondition", + "default": {} + }, + "type": "array" + }, + "controller": { + "default": "", + "type": "string" + }, + "provider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreProvider" + }, + "refreshInterval": { + "default": 0, + "format": "int32", + "type": "integer" + }, + "retrySettings": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRetrySettings" + } + }, + "required": [ + "provider" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraAuth": { + "additionalProperties": false, + "properties": { + "clientId": { + "default": "", + "type": "string" + }, + "clientSecretSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "clientId", + "clientSecretSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraAuth", + "default": {} + }, + "ignoreSslCertificate": { + "type": "boolean" + }, + "module": { + "default": "", + "type": "string" + }, + "url": { + "default": "", + "type": "string" + } + }, + "required": [ + "url", + "module", + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TemplateFrom": { + "additionalProperties": false, + "properties": { + "configMap": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateRef" + }, + "secret": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateRef" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TemplateRef": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateRefItem", + "default": {} + }, + "type": "array" + }, + "name": { + "default": "", + "type": "string" + } + }, + "required": [ + "name", + "items" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TemplateRefItem": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TokenAuth": { + "additionalProperties": false, + "properties": { + "bearerToken": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultAppRole": { + "additionalProperties": false, + "properties": { + "path": { + "default": "", + "type": "string" + }, + "roleId": { + "default": "", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "path", + "roleId", + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultAuth": { + "additionalProperties": false, + "properties": { + "appRole": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultAppRole" + }, + "cert": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultCertAuth" + }, + "jwt": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultJwtAuth" + }, + "kubernetes": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesAuth" + }, + "ldap": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultLdapAuth" + }, + "tokenSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultCertAuth": { + "additionalProperties": false, + "properties": { + "clientCert": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultJwtAuth": { + "additionalProperties": false, + "properties": { + "kubernetesServiceAccountToken": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesServiceAccountTokenAuth" + }, + "path": { + "default": "", + "type": "string" + }, + "role": { + "default": "", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesAuth": { + "additionalProperties": false, + "properties": { + "mountPath": { + "default": "", + "type": "string" + }, + "role": { + "default": "", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector" + } + }, + "required": [ + "mountPath", + "role" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesServiceAccountTokenAuth": { + "additionalProperties": false, + "properties": { + "audiences": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "expirationSeconds": { + "format": "int64", + "type": "integer" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "default": {} + } + }, + "required": [ + "serviceAccountRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultLdapAuth": { + "additionalProperties": false, + "properties": { + "path": { + "default": "", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "username": { + "default": "", + "type": "string" + } + }, + "required": [ + "path", + "username" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultAuth", + "default": {} + }, + "caBundle": { + "format": "byte", + "type": "string" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.CAProvider" + }, + "forwardInconsistent": { + "type": "boolean" + }, + "namespace": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readYourWrites": { + "type": "boolean" + }, + "server": { + "default": "", + "type": "string" + }, + "version": { + "default": "", + "type": "string" + } + }, + "required": [ + "auth", + "server", + "version" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookCAProvider": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "namespace": { + "type": "string" + }, + "type": { + "default": "", + "type": "string" + } + }, + "required": [ + "type", + "name" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookProvider": { + "additionalProperties": false, + "properties": { + "body": { + "type": "string" + }, + "caBundle": { + "format": "byte", + "type": "string" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookCAProvider" + }, + "headers": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "method": { + "type": "string" + }, + "result": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookResult", + "default": {} + }, + "secrets": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookSecret", + "default": {} + }, + "type": "array" + }, + "timeout": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "url": { + "default": "", + "type": "string" + } + }, + "required": [ + "url", + "result" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookResult": { + "additionalProperties": false, + "properties": { + "jsonPath": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookSecret": { + "additionalProperties": false, + "properties": { + "name": { + "default": "", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "name", + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerAuth": { + "additionalProperties": false, + "properties": { + "authorizedKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerCAProvider": { + "additionalProperties": false, + "properties": { + "certSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerProvider": { + "additionalProperties": false, + "properties": { + "apiEndpoint": { + "type": "string" + }, + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerAuth", + "default": {} + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerCAProvider" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxAuth": { + "additionalProperties": false, + "properties": { + "authorizedKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxCAProvider": { + "additionalProperties": false, + "properties": { + "certSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxProvider": { + "additionalProperties": false, + "properties": { + "apiEndpoint": { + "type": "string" + }, + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxAuth", + "default": {} + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxCAProvider" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.meta.v1.SecretKeySelector": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.meta.v1.ServiceAccountSelector": { + "additionalProperties": false, + "properties": { + "audiences": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "name": { + "default": "", + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Duration": { + "type": "string" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector": { + "additionalProperties": false, + "properties": { + "matchExpressions": { + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement", + "default": {} + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string", + "x-kubernetes-patch-merge-key": "key", + "x-kubernetes-patch-strategy": "merge" + }, + "operator": { + "default": "", + "type": "string" + }, + "values": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecretSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.meta.v1.ObjectMeta": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-patch-strategy": "merge" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "metachart.interface.FQDNitem": { + "pattern": "^[a-z][0-9a-z]*(-[0-9a-z]+)*$", + "type": "string" + }, + "metachart.interface.boolean": { + "type": "boolean" + } + }, + "properties": { + "clusterexternalsecrets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret" + } + }, + "type": "object" + }, + "clustersecretstores": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore" + } + }, + "type": "object" + }, + "context": { + "description": "Any content which can be used for config rendering without schema defined by the chart", + "type": "object" + }, + "externalsecrets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret" + } + }, + "type": "object" + }, + "fullnameOverride": { + "anyOf": [ + { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + { + "type": "null" + } + ] + }, + "secretstores": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore" + } + }, + "type": "object" + }, + "settings": { + "additionalProperties": false, + "properties": { + "clusterexternalsecrets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "clustersecretstores": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "externalsecrets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "global": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "secretstores": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + } +} \ No newline at end of file diff --git a/charts/meta-external-secrets/values.yaml b/charts/meta-external-secrets/values.yaml new file mode 100644 index 0000000..ddb32fa --- /dev/null +++ b/charts/meta-external-secrets/values.yaml @@ -0,0 +1,16 @@ +# context can be used to define any user-provided structure to use in values +# templating +context: {} + +# fullnameOverride overrides value of $.Release.Name for resources release name +# prefixes +fullnameOverride: + +# annotations contains Annotations which are applied to all release resources +annotations: {} + +# labels contains Labels which are applied to all release resources +labels: {} + +# settings configures chart behaviour +settings: {} diff --git a/charts/meta-gatekeeper/.helmignore b/charts/meta-gatekeeper/.helmignore new file mode 100644 index 0000000..7f28c89 --- /dev/null +++ b/charts/meta-gatekeeper/.helmignore @@ -0,0 +1,3 @@ +config/* +values.schema.full.json +values.example.yaml diff --git a/charts/meta-gatekeeper/Chart.yaml b/charts/meta-gatekeeper/Chart.yaml new file mode 100644 index 0000000..5aa4ac1 --- /dev/null +++ b/charts/meta-gatekeeper/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: meta-gatekeeper +description: Metachart born Helm Chart for gatekeeper resources +type: application +version: "3.10.0" +appVersion: none diff --git a/charts/meta-gatekeeper/README.md b/charts/meta-gatekeeper/README.md new file mode 100644 index 0000000..45e373f --- /dev/null +++ b/charts/meta-gatekeeper/README.md @@ -0,0 +1,47 @@ +# meta-gatekeeper + +`meta-gatekeeper` is a [metachart](https://github.com/iponweb/metachart) +born [Helm](https://helm.sh/) Chart for +[gatekeeper](https://github.com/open-policy-agent/gatekeeper) +operator custom resources + +## Quickstart + +Add the [Helm](https://helm.sh/) repository: + +```shell +helm repo add iponweb https://iponweb.github.io/charts +``` + +Add the [values.schema.json](values.schema.json) file to your favourite IDE +to enable values file autocompletion and validation. +Examples: +- [IntelliJ IDEA](https://www.jetbrains.com/help/idea/json.html#ws_json_schema_add_custom) +- [Visual Studio Code](https://code.visualstudio.com/docs/languages/json#_json-schemas-and-settings) +- [Sublime Text](https://github.com/sublimelsp/LSP-json) + +Define `values.yaml` with required resources and install the release: + +```shell +helm install release-name -f values.yaml iponweb/meta-gatekeeper +``` + +See also [values.example.yaml](values.example.yaml) + +## Documentation + +For complete resources list support see [resources](docs/resources.md). + +See the `metachart` [Documentation](https://github.com/iponweb/metachart/docs) +for more details. + +## Requirements + +Minimal supported [Helm](https://helm.sh/) version is `v3.2.0`. + +## Versioning + +Chart major and minor version parts follow +[gatekeeper](https://github.com/open-policy-agent/gatekeeper) +versions which has been used for the chart generation. Patch component is used +for charts own changes/fixes. diff --git a/charts/meta-gatekeeper/config/resources.yaml b/charts/meta-gatekeeper/config/resources.yaml new file mode 100644 index 0000000..55f51b9 --- /dev/null +++ b/charts/meta-gatekeeper/config/resources.yaml @@ -0,0 +1,54 @@ +resources: + #: config.gatekeeper.sh/v1alpha1 + configs: + apiVersion: config.gatekeeper.sh/v1alpha1 + kind: Config + jsonSchemaRef: metachart.api.sh.gatekeeper.apis.config.v1alpha1.Config + + #: expansion.gatekeeper.sh/v1alpha1 + expansiontemplate: + apiVersion: expansion.gatekeeper.sh/v1alpha1 + kind: ExpansionTemplate + jsonSchemaRef: metachart.api.sh.gatekeeper.apis.expansion.v1alpha1.ExpansionTemplate + + #: externaldata.gatekeeper.sh/v1alpha1 + providers: + apiVersion: externaldata.gatekeeper.sh/v1alpha1 + kind: Provider + jsonSchemaRef: metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.externaldata.v1alpha1.Provider + + #: mutations.gatekeeper.sh/v1 + assign: + apiVersion: mutations.gatekeeper.sh/v1 + kind: Assign + jsonSchemaRef: metachart.api.sh.gatekeeper.apis.mutations.v1.Assign + assignmetadata: + apiVersion: mutations.gatekeeper.sh/v1 + kind: AssignMetadata + jsonSchemaRef: metachart.api.sh.gatekeeper.apis.mutations.v1.AssignMetadata + modifyset: + apiVersion: mutations.gatekeeper.sh/v1 + kind: ModifySet + jsonSchemaRef: metachart.api.sh.gatekeeper.apis.mutations.v1.ModifySet + + #: status.gatekeeper.sh/v1beta1 + constraintpodstatuses: + apiVersion: status.gatekeeper.sh/v1beta1 + kind: ConstraintPodStatus + jsonSchemaRef: metachart.api.sh.gatekeeper.apis.status.v1beta1.ConstraintPodStatus + constrainttemplatepodstatuses: + constraintpodstatuses: + apiVersion: status.gatekeeper.sh/v1beta1 + kind: ConstraintTemplatePodStatus + jsonSchemaRef: metachart.api.sh.gatekeeper.apis.status.v1beta1.ConstraintTemplatePodStatus + mutatorpodstatuses: + constraintpodstatuses: + apiVersion: status.gatekeeper.sh/v1beta1 + kind: MutatorPodStatus + jsonSchemaRef: metachart.api.sh.gatekeeper.apis.status.v1beta1.MutatorPodStatus + + #: templates.gatekeeper.sh/v1 + constrainttemplates: + apiVersion: templates.gatekeeper.sh/v1 + kind: ConstraintTemplate + jsonSchemaRef: metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.ConstraintTemplate diff --git a/charts/meta-gatekeeper/config/schema.yaml b/charts/meta-gatekeeper/config/schema.yaml new file mode 100644 index 0000000..186e27f --- /dev/null +++ b/charts/meta-gatekeeper/config/schema.yaml @@ -0,0 +1,72 @@ +.defaults: + disallowed: &defaultDisallowed + - status + - kind + - apiVersion + properties: &defaultProperties + enabled: metachart.interface.boolean + metadata: metachart.api.meta.v1.ObjectMeta + rootKey: &defaultRootKey + disallowed: *defaultDisallowed + properties: *defaultProperties + +definitions: + - https://raw.githubusercontent.com/iponweb/schemas/main/json-schemas/kubernetes/v1.25.2-strict/_definitions.json + - https://raw.githubusercontent.com/iponweb/schemas/main/json-schemas/gatekeeper/v3.10.0-strict/_definitions.json + +rules: + #: Common + #: + #: meta.v1.ObjectMeta + - target: metachart.api.meta.v1.ObjectMeta + source: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + allowed: + - annotations + - labels + - finalizers + - namespace + - name + properties: + checksums: metachart.interface.checksums + + #: config.gatekeeper.sh/v1alpha1 + - target: metachart.api.sh.gatekeeper.apis.config.v1alpha1.Config + source: sh.gatekeeper.apis.config.v1alpha1.Config + <<: *defaultRootKey + + #: expansion.gatekeeper.sh/v1alpha1 + - target: metachart.api.sh.gatekeeper.apis.expansion.v1alpha1.ExpansionTemplate + source: sh.gatekeeper.apis.expansion.v1alpha1.ExpansionTemplate + <<: *defaultRootKey + + #: externaldata.gatekeeper.sh/v1alpha1 + - target: metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.externaldata.v1alpha1.Provider + source: sh.gatekeeper.frameworks.constraint.pkg.apis.externaldata.v1alpha1.Provider + <<: *defaultRootKey + + #: mutations.gatekeeper.sh/v1 + - target: metachart.api.sh.gatekeeper.apis.mutations.v1.Assign + source: sh.gatekeeper.apis.mutations.v1.Assign + <<: *defaultRootKey + - target: metachart.api.sh.gatekeeper.apis.mutations.v1.AssignMetadata + source: sh.gatekeeper.apis.mutations.v1.AssignMetadata + <<: *defaultRootKey + - target: metachart.api.sh.gatekeeper.apis.mutations.v1.ModifySet + source: sh.gatekeeper.apis.mutations.v1.ModifySet + <<: *defaultRootKey + + #: status.gatekeeper.sh/v1beta1 + - target: metachart.api.sh.gatekeeper.apis.status.v1beta1.ConstraintPodStatus + source: sh.gatekeeper.apis.status.v1beta1.ConstraintPodStatus + <<: *defaultRootKey + - target: metachart.api.sh.gatekeeper.apis.status.v1beta1.ConstraintTemplatePodStatus + source: sh.gatekeeper.apis.status.v1beta1.ConstraintTemplatePodStatus + <<: *defaultRootKey + - target: metachart.api.sh.gatekeeper.apis.status.v1beta1.MutatorPodStatus + source: sh.gatekeeper.apis.status.v1beta1.MutatorPodStatus + <<: *defaultRootKey + + #: templates.gatekeeper.sh/v1 + - target: metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.ConstraintTemplate + source: sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.ConstraintTemplate + <<: *defaultRootKey diff --git a/charts/meta-gatekeeper/config/values.schema.custom.json b/charts/meta-gatekeeper/config/values.schema.custom.json new file mode 100644 index 0000000..64c007d --- /dev/null +++ b/charts/meta-gatekeeper/config/values.schema.custom.json @@ -0,0 +1,5 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": {} +} diff --git a/charts/meta-gatekeeper/docs/resources.md b/charts/meta-gatekeeper/docs/resources.md new file mode 100644 index 0000000..e8b0603 --- /dev/null +++ b/charts/meta-gatekeeper/docs/resources.md @@ -0,0 +1,54 @@ +# Resources + +A set of resources supported by the chart + +## Non-Kubernetes resources + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| constrainttemplatepodstatuses | | - | +| mutatorpodstatuses | | - | + + +## config.gatekeeper.sh/v1alpha1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| configs | Config | - | + + +## expansion.gatekeeper.sh/v1alpha1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| expansiontemplate | ExpansionTemplate | - | + + +## externaldata.gatekeeper.sh/v1alpha1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| providers | Provider | - | + + +## mutations.gatekeeper.sh/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| assign | Assign | - | +| assignmetadata | AssignMetadata | - | +| modifyset | ModifySet | - | + + +## status.gatekeeper.sh/v1beta1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| constraintpodstatuses | ConstraintPodStatus | - | + + +## templates.gatekeeper.sh/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| constrainttemplates | ConstraintTemplate | - | \ No newline at end of file diff --git a/charts/meta-gatekeeper/templates/_custom.tpl b/charts/meta-gatekeeper/templates/_custom.tpl new file mode 100644 index 0000000..ed2ccbe --- /dev/null +++ b/charts/meta-gatekeeper/templates/_custom.tpl @@ -0,0 +1 @@ +{{/* Place user-provided templates there */}} diff --git a/charts/meta-gatekeeper/templates/_metachart.tpl b/charts/meta-gatekeeper/templates/_metachart.tpl new file mode 100644 index 0000000..d633212 --- /dev/null +++ b/charts/meta-gatekeeper/templates/_metachart.tpl @@ -0,0 +1,639 @@ +{{/* +Create a default fully qualified app name. +Truncate at 63 chars because some Kubernetes name fields are limited to this +(by the DNS naming spec). +Use only helm release name because helm chart is made to be used by different +kinds of applications. + +Return: string +*/}} +{{- define "metachart.fullname" -}} +{{- if $.Values.fullnameOverride }} +{{- $.Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $.Release.Name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Compute chart name-version to be used by the chart label + +Return: string +*/}} +{{- define "metachart.chart" -}} +{{- printf "%s-%s" $.Chart.Name $.Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Compute Chart labels + +Return: dict in json format +*/}} +{{- define "metachart.chartLabels" -}} +{{- $result := dict + "helm.sh/chart" (include "metachart.chart" $) + "app.kubernetes.io/instance" $.Release.Name + "app.kubernetes.io/managed-by" $.Release.Service +}} +{{- if $.Chart.AppVersion }} + {{- $_ := set $result "app.kubernetes.io/version" $.Chart.AppVersion }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Label selector to determine if a resource belongs to a component. Only +necessary and sufficient set of labels is used. + +Params: + + component : str - Component value which the resource belongs to + +Return: dict in json format +*/}} +{{- define "metachart.selectorLabels" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $component := default nil $params.component }} +{{- /* Execution */}} +{{- $result := dict "app.kubernetes.io/instance" $.Release.Name }} +{{- with $component }} + {{- $_ := set $result "app.kubernetes.io/component" $component}} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Compute resource labels + +Params: + + definition : dict - Resource definition + component : str - Resource component value + relatedComponent : str - Related resource component value + +Return: dict in json format +*/}} +{{- define "metachart.resourceLabels" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $component := default nil $params.component }} +{{- $relatedComponent := default nil $params.relatedComponent }} +{{- /* Execution */}} +{{- $resourceMeta := default dict $definition.metadata }} +{{- $chartLabels := include "metachart.chartLabels" $context | fromJson }} +{{- $globalLabels := default dict (default dict (default dict $.Values.settings).global).labels | deepCopy }} +{{- $resourceLabels := default dict $resourceMeta.labels | deepCopy }} +{{- if $relatedComponent }} + {{- $_ := set $chartLabels "app.kubernetes.io/component" $relatedComponent}} +{{- else if $component }} + {{- $_ := set $chartLabels "app.kubernetes.io/component" $component}} +{{- end }} +{{- /* Validate if forbidden labels are used */}} +{{- range $reservedLabel := keys $chartLabels }} + {{- if hasKey $globalLabels $reservedLabel }} + {{- required (printf "Label %s is reserved for internal usage and can not be overrided" $reservedLabel) "" }} + {{- end }} + {{- if hasKey $resourceLabels $reservedLabel }} + {{- required (printf "Label %s is reserved for internal usage and can not be overrided" $reservedLabel) "" }} + {{- end }} +{{- end }} +{{- $result := merge $resourceLabels $globalLabels $chartLabels }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Compute checksums annotations for a resource + +Params: + + definition : dict - Resource definition + +Return: dict in json format +*/}} +{{- define "metachart.resourceChecksumAnnotations" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- /* Execution */}} +{{- $result := dict }} +{{- $checksums := default dict (default dict $definition.metadata).checksums }} +{{- range $kind, $names := $checksums }} + {{- if $names }} + {{- if (kindIs "slice" $names) }} + {{- range $name := $names }} + {{- $_ := set $result (printf "checksum-%s-%s" $kind $name) (include "metachart.checksumSingle" (merge (dict "params" + (dict + "kind" $kind + "name" $name + )) $)) }} + {{- end }} + {{- else if eq $names "*" }} + {{- $_ := set $result (printf "checksum-%s" $kind) (include "metachart.checksumKinds" (merge (dict "params" + (dict + "kinds" (list $kind) + )) $)) }} + {{- end }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson}} +{{- end }} + +{{/* +Compute resource annotations + +Params: + + definition : dict - Resource definition + +Return: dict in json format +*/}} +{{- define "metachart.resourceAnnotations" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- /* Execution */}} +{{- $resourceMeta := default dict $definition.metadata }} +{{- $checksums := (include "metachart.resourceChecksumAnnotations" (merge (dict "params" $params) $context) | fromJson) }} +{{- $result := merge (default dict ($resourceMeta.annotations) | deepCopy) (default dict $.Values.annotations) $checksums }} +{{- /* Return */}} +{{- $result | toJson}} +{{- end }} + +{{/* +Compute resource ObjectMeta + +Params: + + definition : dict - Resource definition + name : string - Resource name as defined in the values file + nameSuffix : string - Suffix to be added to the resource name + withName : bool - Whether name key must be added (default: true) + withNameFullnamePrefix : bool - Whether fullname prefix must be added to the name (default: true) + +Return: dict in json format +*/}} +{{- define "metachart.resourceMeta" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $name := $params.name }} +{{- $nameSuffix := $params.nameSuffix }} +{{- $withName := (hasKey $params "withName" | ternary $params.withName true) }} +{{- $withNameFullnamePrefix := (hasKey $params "withNameFullnamePrefix" | ternary $params.withNameFullnamePrefix true) }} +{{- /* Execution */}} +{{- $resourceMeta := default dict $definition.metadata }} +{{- /* Execution */}} +{{- $result := omit $resourceMeta "labels" "annotations" "name" "checksums" }} +{{- $fullnamePrefix := "" }} +{{- if $withNameFullnamePrefix }} +{{- $fullnamePrefix = printf "%s-" (include "metachart.fullname" $context) }} +{{- end }} +{{- if $withName }} + {{- if $resourceMeta.name }} + {{- $_ := set $result "name" $resourceMeta.name }} + {{- else if $name }} + {{- if $nameSuffix }} + {{- $_ := set $result "name" (printf "%s%s-%s" $fullnamePrefix $name $nameSuffix) }} + {{- else }} + {{- $_ := set $result "name" (printf "%s%s" $fullnamePrefix $name) }} + {{- end }} + {{- else }} + {{- if $nameSuffix }} + {{- $_ := set $result "name" (printf "%s%s" $fullnamePrefix $nameSuffix) }} + {{- else }} + {{- $_ := set $result "name" (printf "%s" (include "metachart.fullname" $context)) }} + {{- end }} + {{- end }} +{{- end }} +{{- $_ := set $result "labels" (include "metachart.resourceLabels" (merge (dict "params" $params) $context) | fromJson) }} +{{- $_ = set $result "annotations" (include "metachart.resourceAnnotations" (merge (dict "params" $params) $context) | fromJson) }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Discover all string values and render them as templates + +Params: + + data : any - data to be processed + +Return: dict in json format +*/}} +{{- define "metachart.deepRender" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $data := ($params.data | deepCopy) }} +{{- /* Execution */}} +{{- if kindIs "string" $data }} + {{- $result := tpl $data $context }} + {{- /* Return */}} + {{- $result | toJson }} +{{- else if kindIs "map" $data }} + {{- $result := dict }} + {{- range $key, $value := $data }} + {{- if kindIs "string" $value }} + {{- $newValue := tpl $value $context }} + {{- $_ := set $result $key $newValue }} + {{- else if kindIs "map" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJson }} + {{- $_ := set $result $key $newValue }} + {{- else if kindIs "slice" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJsonArray }} + {{- $_ := set $result $key $newValue }} + {{- else }} + {{- $_ := set $result $key $value }} + {{- end }} + {{- end }} + {{- $result | toJson }} +{{- else if kindIs "slice" $data }} + {{- $result := list }} + {{- range $value := $data }} + {{- if kindIs "string" $value }} + {{- $newValue := tpl $value $context }} + {{- $result = append $result $newValue }} + {{- else if kindIs "map" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJson }} + {{- $result = append $result $newValue }} + {{- else if kindIs "slice" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJsonArray }} + {{- $result = append $result $newValue }} + {{- else }} + {{- $result = append $result $value }} + {{- end }} + {{- end }} + {{- /* Return */}} + {{- $result | toJson }} +{{- else }} + {{- $result := $data }} + {{- /* Return */}} + {{- $result | toJson }} +{{- end }} +{{- end }} + +{{/* +Deep merge like function which concats 2 slices if meets in instead of +override. This implementation takes into account that each of source and target +values can be none one of specific type or nil. + +Params: + + source : dict | slice - Merge from + target : dict | slice - Merge to + +Return: dict | slice in json format +*/}} +{{- define "metachart.mergeConcatLists" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $source := ($params.source | deepCopy) }} +{{- $target := ($params.target | deepCopy) }} +{{- /* Execution */}} +{{- $result := dict }} +{{- $keys := keys (default dict $source) (default dict $target) | uniq }} +{{- range $key := $keys }} + {{- $sourceValue := get $source $key }} + {{- $targetValue := get $target $key }} + {{- if or (kindIs "map" $sourceValue) (kindIs "map" $targetValue) }} + {{- /* Normalize types */}} + {{- if kindIs "map" $sourceValue }}{{- else }}{{- $sourceValue = dict }}{{- end }} + {{- if kindIs "map" $targetValue }}{{- else }}{{- $targetValue = dict }}{{- end }} + {{- $newValue := include "metachart.mergeConcatLists" (dict "params" (dict + "source" $sourceValue + "target" $targetValue + )) | fromJson }} + {{- $_ := set $result $key $newValue }} + {{- else if or (kindIs "slice" $sourceValue) (kindIs "slice" $targetValue) }} + {{- /* Normalize types */}} + {{- if kindIs "slice" $sourceValue }}{{- else }}{{- $sourceValue = list }}{{- end }} + {{- if kindIs "slice" $targetValue }}{{- else }}{{- $targetValue = list }}{{- end }} + {{- $newValue := concat $sourceValue $targetValue }} + {{- $_ := set $result $key $newValue }} + {{- else if hasKey $target $key }} + {{- $_ := set $result $key $targetValue }} + {{- else }} + {{- $_ := set $result $key $sourceValue }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Discover defaults for the specific kind and apply them to the resource + +Params: + + definition : dict - Resource definition + kind : string - Resource kind + +Return: dict in json format +*/}} +{{- define "metachart.setDefaults" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := ($params.definition | deepCopy) }} +{{- $kind := $params.kind }} +{{- $kindSettings := ternary (get $.Values.settings $kind) (dict) (hasKey (default dict $.Values.settings) $kind) }} +{{- /* Execution */}} +{{- $defaults := default dict $kindSettings.defaults }} +{{- include "metachart.mergeConcatLists" (dict "params" (dict + "source" $defaults + "target" $definition +)) }} +{{- end }} + +{{/* +Discover all available resources (standalone and related) of specific kind. +It takes into account: + +- If resource kind is not disable in settings +- If resource definition.enabled is not false + +Params: + + kind : string - Resource kind + +Return: dict in json format +*/}} +{{- define "metachart.discover" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $kind := $params.kind }} +{{- /* Execution */}} +{{- $result := dict }} +{{- $kindSettings := dict }} +{{- if hasKey (default dict $.Values.settings) $kind }} + {{- $kindSettings = get (default dict $.Values.settings) $kind }} +{{- end }} +{{- if not $kindSettings.disabled }} + {{- if hasKey $.Values $kind }} + {{- range $resourceName, $resourceDefinition := get $.Values $kind }} + {{- if (hasKey $resourceDefinition "enabled" | ternary $resourceDefinition.enabled true) }} + {{- $_ := set $result $resourceName $resourceDefinition}} + {{- end }} + {{- end }} + {{- end }} + {{- /* Discover related resources */}} + {{- $settingsKindAll := include "metachart.settings" $context | fromYaml | keys }} + {{- range $settingsKind := $settingsKindAll }} + {{- $resourceSettings := dict }} + {{- if hasKey (default dict $.Values.settings) $settingsKind }} + {{- $resourceSettings = get (default dict $.Values.settings) $settingsKind }} + {{- end }} + {{- if not $resourceSettings.disabled }} + {{- if hasKey $.Values $settingsKind }} + {{- range $resourceName, $resourceDefinition := get $.Values $settingsKind }} + {{- if (hasKey $resourceDefinition "enabled" | ternary $resourceDefinition.enabled true) }} + {{- $resourceRelated := default dict $resourceDefinition.related }} + {{- if hasKey $resourceRelated $kind }} + {{- range $name, $definition := get $resourceRelated $kind }} + {{- if hasKey $result $name }} + {{- fail (printf "Resource %s/%s defined in global and related scopes" $kind $name) }} + {{- else }} + {{- $patchedDefinition := $definition | deepCopy }} + {{- $_ := set $patchedDefinition "relatedComponent" (printf "%s-%s" $settingsKind $resourceName)}} + {{- $_ = set $result $name $patchedDefinition}} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Build a complete resource ready for rendering + +Params: + + name : string - Resource name as defined in the values file + kind : string - Resource kind + definition : dict - Resource definition + apiVersion : strint - Resource ApiVersion + kindCamelCase : string - Resource kind in CamelCase format + preprocess : bool - Whether the resource kind has a preprocessor + +Return: dict in json format +*/}} +{{- define "metachart.buildResource" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $name := $params.name }} +{{- $definition := $params.definition }} +{{- $apiVersion := $params.apiVersion }} +{{- $kindCamelCase := $params.kindCamelCase }} +{{- $preprocess := $params.preprocess }} +{{- $kind := $params.kind }} +{{- /* Execution */}} +{{- $component := (printf "%s-%s" $kind $name) }} +{{- $relatedComponent := $definition.relatedComponent }} +{{- $resource := dict + "apiVersion" $apiVersion + "kind" $kindCamelCase +}} +{{- $resource = merge $resource (omit ($definition | deepCopy) "enabled" "metadata" "related" "relatedComponent") }} +{{- $_ := set $resource "metadata" (include "metachart.resourceMeta" (merge (dict "params" + (dict + "definition" $definition + "name" $name + "component" $component + "relatedComponent" $relatedComponent + )) $context) | fromJson) }} +{{- /* Apply defaults */}} +{{- $resource = include "metachart.setDefaults" (merge (dict "params" + (dict + "definition" $resource + "kind" $kind + )) $context) | fromJson }} +{{- /* Preprocessing */}} +{{- $preprocessed := $resource }} +{{- if $preprocess }} + {{- $preprocessor := printf "metachart.preprocess.%s" $kind }} + {{- $preprocessed = include $preprocessor (merge (dict "params" + (dict + "definition" $resource + "name" $name + "component" $component + "relatedComponent" $relatedComponent + )) $context) | fromJson }} +{{- end }} +{{- /* Render */}} +{{- $result := include "metachart.deepRender" (merge (dict "params" (dict "data" $preprocessed)) $) | fromJson }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Render all release resources + +Return: yaml +*/}} +{{- define "metachart.renderAll" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- /* Execution */}} +{{- $kinds := (include "metachart.settings" $context) | fromYaml | keys }} +{{- $result := include "metachart.renderKinds" (merge (dict "params" + (dict + "kinds" $kinds + )) $) }} +{{- /* Return */}} +{{- $result }} +{{- end }} + +{{/* +Render specific resource kinds + +Params: + + kinds : slice - List of kinds + +Return: yaml +*/}} +{{- define "metachart.renderKinds" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $kinds := $params.kinds }} +{{- /* Execution */}} +{{- $result := "" }} +{{- range $kind := $kinds }} + {{- $settings := get (include "metachart.settings" $context | fromYaml) $kind }} + {{- range $name, $definition := (include "metachart.discover" (merge (dict "params" + (dict + "kind" $kind + )) $context) | fromJson) }} + {{- $rendered := include "metachart.buildResource" (merge (dict "params" + (dict + "kind" $kind + "apiVersion" $settings.apiVersion + "kindCamelCase" $settings.kindCamelCase + "name" $name + "definition" $definition + "preprocess" $settings.preprocess + )) $context) | fromJson | toYaml | nindent 0 }} + {{- $result = printf "%s---%s\n...\n" $result $rendered }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result }} +{{- end }} + +{{/* +Calculate checksum of resources of specific kind + +Params: + + kinds : slice - List of kinds + +Return: string +*/}} +{{- define "metachart.checksumKinds" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- /* Execution */}} +{{- $result := include "metachart.renderKinds" (merge (dict "params" + (dict + "params" $params + )) $) }} +{{- /* Return */}} +{{- $result | sha256sum }} +{{- end }} + +{{/* +Render single resource + +Params: + + name : string - Resource name as defined in the values file + kind : string - Resource kind + +Return: yaml +*/}} +{{- define "metachart.renderSingle" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $kind := $params.kind }} +{{- $name := $params.name }} +{{- /* Execution */}} +{{- $settings := get (include "metachart.settings" $context | fromYaml) $kind }} +{{- $definitionsAll := (include "metachart.discover" (merge (dict "params" + (dict + "kind" $kind + )) $context) | fromJson) }} +{{- if hasKey $definitionsAll $name }}{{- else }}{{- fail (printf "can not find resource %s/%s" $kind $name)}}{{- end }} +{{- $definition := get $definitionsAll $name }} +{{- $result := include "metachart.buildResource" (merge (dict "params" + (dict + "kind" $kind + "apiVersion" $settings.apiVersion + "kindCamelCase" $settings.kindCamelCase + "name" $name + "definition" $definition + "preprocess" $settings.preprocess + )) $context) | fromJson | toYaml | nindent 0 }} +{{- $result }} +{{- end }} + +{{/* +Calculate checksum of a specific resource + +Params: + + name : string - Resource name as defined in the values file + kind : string - Resource kind + +Return: string +*/}} +{{- define "metachart.checksumSingle" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- /* Execution */}} +{{- $result := include "metachart.renderSingle" (merge (dict "params" + (dict + "params" $params + )) $) }} +{{- /* Return */}} +{{- $result | sha256sum }} +{{- end }} diff --git a/charts/meta-gatekeeper/templates/generated/_settings.tpl b/charts/meta-gatekeeper/templates/generated/_settings.tpl new file mode 100644 index 0000000..7db01da --- /dev/null +++ b/charts/meta-gatekeeper/templates/generated/_settings.tpl @@ -0,0 +1,43 @@ +{{- /* Resources definition */}} +{{- define "metachart.settings" }} +assign: + apiVersion: mutations.gatekeeper.sh/v1 + kindCamelCase: Assign + preprocess: false +assignmetadata: + apiVersion: mutations.gatekeeper.sh/v1 + kindCamelCase: AssignMetadata + preprocess: false +configs: + apiVersion: config.gatekeeper.sh/v1alpha1 + kindCamelCase: Config + preprocess: false +constraintpodstatuses: + apiVersion: status.gatekeeper.sh/v1beta1 + kindCamelCase: ConstraintPodStatus + preprocess: false +constrainttemplatepodstatuses: + apiVersion: "" + kindCamelCase: "" + preprocess: false +constrainttemplates: + apiVersion: templates.gatekeeper.sh/v1 + kindCamelCase: ConstraintTemplate + preprocess: false +expansiontemplate: + apiVersion: expansion.gatekeeper.sh/v1alpha1 + kindCamelCase: ExpansionTemplate + preprocess: false +modifyset: + apiVersion: mutations.gatekeeper.sh/v1 + kindCamelCase: ModifySet + preprocess: false +mutatorpodstatuses: + apiVersion: "" + kindCamelCase: "" + preprocess: false +providers: + apiVersion: externaldata.gatekeeper.sh/v1alpha1 + kindCamelCase: Provider + preprocess: false +{{- end }} \ No newline at end of file diff --git a/charts/meta-gatekeeper/templates/resources.yaml b/charts/meta-gatekeeper/templates/resources.yaml new file mode 100644 index 0000000..017a652 --- /dev/null +++ b/charts/meta-gatekeeper/templates/resources.yaml @@ -0,0 +1 @@ +{{- include "metachart.renderAll" $ }} diff --git a/charts/meta-gatekeeper/values.example.yaml b/charts/meta-gatekeeper/values.example.yaml new file mode 100644 index 0000000..ecd20ea --- /dev/null +++ b/charts/meta-gatekeeper/values.example.yaml @@ -0,0 +1 @@ +#: TODO diff --git a/charts/meta-gatekeeper/values.schema.full.json b/charts/meta-gatekeeper/values.schema.full.json new file mode 100644 index 0000000..fa2756a --- /dev/null +++ b/charts/meta-gatekeeper/values.schema.full.json @@ -0,0 +1,1383 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": { + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ExternalDocumentation": { + "additionalProperties": false, + "description": "ExternalDocumentation allows referencing an external resource for extended documentation.", + "properties": { + "description": { + "type": "string" + }, + "url": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON": { + "description": "JSON represents any valid JSON value. These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil." + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps": { + "additionalProperties": false, + "description": "JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-schema.org/).", + "properties": { + "$ref": { + "type": "string" + }, + "$schema": { + "type": "string" + }, + "additionalItems": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool" + }, + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool" + }, + "allOf": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "array" + }, + "anyOf": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "array" + }, + "default": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON", + "description": "default is a default value for undefined object fields. Defaulting is a beta feature under the CustomResourceDefaulting feature gate. Defaulting requires spec.preserveUnknownFields to be false." + }, + "definitions": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "object" + }, + "dependencies": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrStringArray" + }, + "type": "object" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON" + }, + "type": "array" + }, + "example": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON" + }, + "exclusiveMaximum": { + "type": "boolean" + }, + "exclusiveMinimum": { + "type": "boolean" + }, + "externalDocs": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ExternalDocumentation" + }, + "format": { + "description": "format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated:\n\n- bsonobjectid: a bson object ID, i.e. a 24 characters hex string - uri: an URI as parsed by Golang net/url.ParseRequestURI - email: an email address as parsed by Golang net/mail.ParseAddress - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. - ipv4: an IPv4 IP as parsed by Golang net.ParseIP - ipv6: an IPv6 IP as parsed by Golang net.ParseIP - cidr: a CIDR as parsed by Golang net.ParseCIDR - mac: a MAC address as parsed by Golang net.ParseMAC - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - isbn: an ISBN10 or ISBN13 number string like \"0321751043\" or \"978-0321751041\" - isbn10: an ISBN10 number string like \"0321751043\" - isbn13: an ISBN13 number string like \"978-0321751041\" - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$ - hexcolor: an hexadecimal color code like \"#FFFFFF: following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ - rgbcolor: an RGB color code like rgb like \"rgb(255,255,2559\" - byte: base64 encoded binary data - password: any kind of string - date: a date string like \"2006-01-02\" as defined by full-date in RFC3339 - duration: a duration string like \"22 ns\" as parsed by Golang time.ParseDuration or compatible with Scala duration format - datetime: a date time string like \"2014-12-15T19:30:20.000Z\" as defined by date-time in RFC3339.", + "type": "string" + }, + "id": { + "type": "string" + }, + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrArray" + }, + "maxItems": { + "format": "int64", + "type": "integer" + }, + "maxLength": { + "format": "int64", + "type": "integer" + }, + "maxProperties": { + "format": "int64", + "type": "integer" + }, + "maximum": { + "format": "double", + "type": "number" + }, + "minItems": { + "format": "int64", + "type": "integer" + }, + "minLength": { + "format": "int64", + "type": "integer" + }, + "minProperties": { + "format": "int64", + "type": "integer" + }, + "minimum": { + "format": "double", + "type": "number" + }, + "multipleOf": { + "format": "double", + "type": "number" + }, + "not": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "nullable": { + "type": "boolean" + }, + "oneOf": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "array" + }, + "pattern": { + "type": "string" + }, + "patternProperties": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "object" + }, + "properties": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "object" + }, + "required": { + "items": { + "type": "string" + }, + "type": "array" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + }, + "uniqueItems": { + "type": "boolean" + }, + "x-kubernetes-embedded-resource": { + "description": "x-kubernetes-embedded-resource defines that the value is an embedded Kubernetes runtime.Object, with TypeMeta and ObjectMeta. The type must be object. It is allowed to further restrict the embedded object. kind, apiVersion and metadata are validated automatically. x-kubernetes-preserve-unknown-fields is allowed to be true, but does not have to be if the object is fully specified (up to kind, apiVersion, metadata).", + "type": "boolean" + }, + "x-kubernetes-int-or-string": { + "description": "x-kubernetes-int-or-string specifies that this value is either an integer or a string. If this is true, an empty type is allowed and type as child of anyOf is permitted if following one of the following patterns:\n\n1) anyOf:\n - type: integer\n - type: string\n2) allOf:\n - anyOf:\n - type: integer\n - type: string\n - ... zero or more", + "type": "boolean" + }, + "x-kubernetes-list-map-keys": { + "description": "x-kubernetes-list-map-keys annotates an array with the x-kubernetes-list-type `map` by specifying the keys used as the index of the map.\n\nThis tag MUST only be used on lists that have the \"x-kubernetes-list-type\" extension set to \"map\". Also, the values specified for this attribute must be a scalar typed field of the child structure (no nesting is supported).\n\nThe properties specified must either be required or have a default value, to ensure those properties are present for all list items.", + "items": { + "type": "string" + }, + "type": "array" + }, + "x-kubernetes-list-type": { + "description": "x-kubernetes-list-type annotates an array to further describe its topology. This extension must only be used on lists and may have 3 possible values:\n\n1) `atomic`: the list is treated as a single entity, like a scalar.\n Atomic lists will be entirely replaced when updated. This extension\n may be used on any type of list (struct, scalar, ...).\n2) `set`:\n Sets are lists that must not have multiple items with the same value. Each\n value must be a scalar, an object with x-kubernetes-map-type `atomic` or an\n array with x-kubernetes-list-type `atomic`.\n3) `map`:\n These lists are like maps in that their elements have a non-index key\n used to identify them. Order is preserved upon merge. The map tag\n must only be used on a list with elements of type object.\nDefaults to atomic for arrays.", + "type": "string" + }, + "x-kubernetes-map-type": { + "description": "x-kubernetes-map-type annotates an object to further describe its topology. This extension must only be used when type is object and may have 2 possible values:\n\n1) `granular`:\n These maps are actual maps (key-value pairs) and each fields are independent\n from each other (they can each be manipulated by separate actors). This is\n the default behaviour for all maps.\n2) `atomic`: the list is treated as a single entity, like a scalar.\n Atomic maps will be entirely replaced when updated.", + "type": "string" + }, + "x-kubernetes-preserve-unknown-fields": { + "description": "x-kubernetes-preserve-unknown-fields stops the API server decoding step from pruning fields which are not specified in the validation schema. This affects fields recursively, but switches back to normal pruning behaviour if nested properties or additionalProperties are specified in the schema. This can either be true or undefined. False is forbidden.", + "type": "boolean" + }, + "x-kubernetes-validations": { + "description": "x-kubernetes-validations describes a list of validation rules written in the CEL expression language. This field is an alpha-level. Using this field requires the feature gate `CustomResourceValidationExpressions` to be enabled.", + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ValidationRule" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "rule" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "rule", + "x-kubernetes-patch-strategy": "merge" + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrArray": { + "description": "JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps or an array of JSONSchemaProps. Mainly here for serialization purposes." + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool": { + "description": "JSONSchemaPropsOrBool represents JSONSchemaProps or a boolean value. Defaults to true for the boolean property." + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrStringArray": { + "description": "JSONSchemaPropsOrStringArray represents a JSONSchemaProps or a string array." + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ValidationRule": { + "additionalProperties": false, + "description": "ValidationRule describes a validation rule written in the CEL expression language.", + "properties": { + "message": { + "description": "Message represents the message displayed when validation fails. The message is required if the Rule contains line breaks. The message must not contain line breaks. If unset, the message is \"failed rule: {Rule}\". e.g. \"must be a URL with the host matching spec.host\"", + "type": "string" + }, + "rule": { + "description": "Rule represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec The Rule is scoped to the location of the x-kubernetes-validations extension in the schema. The `self` variable in the CEL expression is bound to the scoped value. Example: - Rule scoped to the root of a resource with a status subresource: {\"rule\": \"self.status.actual \u003c= self.spec.maxDesired\"}\n\nIf the Rule is scoped to an object with properties, the accessible properties of the object are field selectable via `self.field` and field presence can be checked via `has(self.field)`. Null valued fields are treated as absent fields in CEL expressions. If the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map are accessible via `self[mapKey]`, map containment can be checked via `mapKey in self` and all entries of the map are accessible via CEL macros and functions such as `self.all(...)`. If the Rule is scoped to an array, the elements of the array are accessible via `self[i]` and also by macros and functions. If the Rule is scoped to a scalar, `self` is bound to the scalar value. Examples: - Rule scoped to a map of objects: {\"rule\": \"self.components['Widget'].priority \u003c 10\"} - Rule scoped to a list of integers: {\"rule\": \"self.values.all(value, value \u003e= 0 \u0026\u0026 value \u003c 100)\"} - Rule scoped to a string value: {\"rule\": \"self.startsWith('kube')\"}\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object and from any x-kubernetes-embedded-resource annotated objects. No other metadata properties are accessible.\n\nUnknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL expressions. This includes: - Unknown field values that are preserved by object schemas with x-kubernetes-preserve-unknown-fields. - Object properties where the property schema is of an \"unknown type\". An \"unknown type\" is recursively defined as:\n - A schema with no type and x-kubernetes-preserve-unknown-fields set to true\n - An array where the items schema is of an \"unknown type\"\n - An object where the additionalProperties schema is of an \"unknown type\"\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Rule accessing a property named \"namespace\": {\"rule\": \"self.__namespace__ \u003e 0\"}\n - Rule accessing a property named \"x-prop\": {\"rule\": \"self.x__dash__prop \u003e 0\"}\n - Rule accessing a property named \"redact__d\": {\"rule\": \"self.redact__underscores__d \u003e 0\"}\n\nEquality on arrays with x-kubernetes-list-type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.", + "type": "string" + } + }, + "required": [ + "rule" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector": { + "additionalProperties": false, + "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement", + "default": {} + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { + "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "default": "", + "description": "key is the label key that the selector applies to.", + "type": "string", + "x-kubernetes-patch-merge-key": "key", + "x-kubernetes-patch-strategy": "merge" + }, + "operator": { + "default": "", + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "metachart.api.meta.v1.ObjectMeta": { + "additionalProperties": false, + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "checksums": { + "$ref": "#/definitions/metachart.interface.checksums" + }, + "finalizers": { + "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-patch-strategy": "merge" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "namespace": { + "description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", + "type": "string" + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.apis.config.v1alpha1.Config": { + "additionalProperties": false, + "description": "Config is the Schema for the configs API.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.ConfigSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.apis.expansion.v1alpha1.ExpansionTemplate": { + "additionalProperties": false, + "description": "ExpansionTemplate is the Schema for the ExpansionTemplate API.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.gatekeeper.apis.expansion.v1alpha1.ExpansionTemplateSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.apis.mutations.v1.Assign": { + "additionalProperties": false, + "description": "Assign is the Schema for the assign API.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.AssignSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.apis.mutations.v1.AssignMetadata": { + "additionalProperties": false, + "description": "AssignMetadata is the Schema for the assignmetadata API.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.AssignMetadataSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.apis.mutations.v1.ModifySet": { + "additionalProperties": false, + "description": "ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.ModifySetSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.apis.status.v1beta1.ConstraintPodStatus": { + "additionalProperties": false, + "description": "ConstraintPodStatus is the Schema for the constraintpodstatuses API.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.externaldata.v1alpha1.Provider": { + "additionalProperties": false, + "description": "Provider is the Schema for the Provider API", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.gatekeeper.frameworks.constraint.pkg.apis.externaldata.v1alpha1.ProviderSpec", + "default": {}, + "description": "Spec defines the Provider specifications." + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.ConstraintTemplate": { + "additionalProperties": false, + "description": "ConstraintTemplate is the Schema for the constrainttemplates API", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.ConstraintTemplateSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.interface.FQDNitem": { + "pattern": "^[a-z][0-9a-z]*(-[0-9a-z]+)*$", + "type": "string" + }, + "metachart.interface.boolean": { + "type": "boolean" + }, + "metachart.interface.checksumEntryList": { + "anyOf": [ + { + "items": { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + "type": "array" + }, + { + "enum": [ + "*" + ] + } + ] + }, + "metachart.interface.checksums": { + "properties": { + "assign": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "assignmetadata": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "configs": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "constraintpodstatuses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "constrainttemplatepodstatuses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "constrainttemplates": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "expansiontemplate": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "modifyset": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "mutatorpodstatuses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "providers": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.ConfigSpec": { + "additionalProperties": false, + "description": "ConfigSpec defines the desired state of Config.", + "properties": { + "match": { + "description": "Configuration for namespace exclusion", + "items": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.MatchEntry", + "default": {} + }, + "type": "array" + }, + "readiness": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.ReadinessSpec", + "default": {}, + "description": "Configuration for readiness tracker" + }, + "sync": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.Sync", + "default": {}, + "description": "Configuration for syncing k8s objects" + }, + "validation": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.Validation", + "default": {}, + "description": "Configuration for validation" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.GVK": { + "additionalProperties": false, + "properties": { + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.MatchEntry": { + "additionalProperties": false, + "properties": { + "excludedNamespaces": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "processes": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.ReadinessSpec": { + "additionalProperties": false, + "properties": { + "statsEnabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.Sync": { + "additionalProperties": false, + "properties": { + "syncOnly": { + "description": "If non-empty, only entries on this list will be replicated into OPA", + "items": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.SyncOnlyEntry", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.SyncOnlyEntry": { + "additionalProperties": false, + "properties": { + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.Trace": { + "additionalProperties": false, + "properties": { + "dump": { + "description": "Also dump the state of OPA with the trace. Set to `All` to dump everything.", + "type": "string" + }, + "kind": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.GVK", + "default": {}, + "description": "Only trace requests of the following GroupVersionKind" + }, + "user": { + "description": "Only trace requests from the specified user", + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.Validation": { + "additionalProperties": false, + "properties": { + "traces": { + "description": "List of requests to trace. Both \"user\" and \"kinds\" must be specified", + "items": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.Trace", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.expansion.v1alpha1.ExpansionTemplateSpec": { + "additionalProperties": false, + "description": "ExpansionTemplateSpec defines the desired state of ExpansionTemplate.", + "properties": { + "applyTo": { + "description": "ApplyTo lists the specific groups, versions and kinds of generator resources which will be expanded.", + "items": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.match.ApplyTo", + "default": {} + }, + "type": "array" + }, + "enforcementAction": { + "description": "EnforcementAction specifies the enforcement action to be used for resources matching the ExpansionTemplate. Specifying an empty value will use the enforcement action specified by the Constraint in violation.", + "type": "string" + }, + "generatedGVK": { + "$ref": "#/definitions/sh.gatekeeper.apis.expansion.v1alpha1.GeneratedGVK", + "default": {}, + "description": "GeneratedGVK specifies the GVK of the resources which the generator resource creates." + }, + "templateSource": { + "description": "TemplateSource specifies the source field on the generator resource to use as the base for expanded resource. For Pod-creating generators, this is usually spec.template", + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.expansion.v1alpha1.GeneratedGVK": { + "additionalProperties": false, + "properties": { + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.AssignField": { + "additionalProperties": false, + "properties": { + "externalData": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.ExternalData", + "description": "ExternalData describes the external data provider to be used for mutation." + }, + "fromMetadata": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.FromMetadata", + "description": "FromMetadata assigns a value from the specified metadata field." + }, + "value": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.types.Anything", + "description": "Value is a constant value that will be assigned to `location`" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.AssignMetadataSpec": { + "additionalProperties": false, + "description": "AssignMetadataSpec defines the desired state of AssignMetadata.", + "properties": { + "location": { + "type": "string" + }, + "match": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.match.Match", + "default": {} + }, + "parameters": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.MetadataParameters", + "default": {} + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.AssignSpec": { + "additionalProperties": false, + "description": "AssignSpec defines the desired state of Assign.", + "properties": { + "applyTo": { + "description": "ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs.", + "items": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.match.ApplyTo", + "default": {} + }, + "type": "array" + }, + "location": { + "description": "Location describes the path to be mutated, for example: `spec.containers[name: main]`.", + "type": "string" + }, + "match": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.match.Match", + "default": {}, + "description": "Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything." + }, + "parameters": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.Parameters", + "default": {}, + "description": "Parameters define the behavior of the mutator." + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.ExternalData": { + "additionalProperties": false, + "description": "ExternalData describes the external data source to use for the mutation.", + "properties": { + "dataSource": { + "description": "DataSource specifies where to extract the data that will be sent to the external data provider as parameters.", + "type": "string" + }, + "default": { + "description": "Default specifies the default value to use when the external data provider returns an error and the failure policy is set to \"UseDefault\".", + "type": "string" + }, + "failurePolicy": { + "description": "FailurePolicy specifies the policy to apply when the external data provider returns an error.", + "type": "string" + }, + "provider": { + "description": "Provider is the name of the external data provider.", + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.FromMetadata": { + "additionalProperties": false, + "properties": { + "field": { + "description": "Field specifies which metadata field provides the assigned value. Valid fields are `namespace` and `name`.", + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.MetadataParameters": { + "additionalProperties": false, + "properties": { + "assign": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.AssignField", + "default": {}, + "description": "Assign.value holds the value to be assigned" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.ModifySetParameters": { + "additionalProperties": false, + "properties": { + "operation": { + "description": "Operation describes whether values should be merged in (\"merge\"), or pruned (\"prune\"). Default value is \"merge\"", + "type": "string" + }, + "pathTests": { + "description": "PathTests are a series of existence tests that can be checked before a mutation is applied", + "items": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.PathTest", + "default": {} + }, + "type": "array" + }, + "values": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.Values", + "default": {}, + "description": "Values describes the values provided to the operation as `values.fromList`." + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.ModifySetSpec": { + "additionalProperties": false, + "description": "ModifySetSpec defines the desired state of ModifySet.", + "properties": { + "applyTo": { + "description": "ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs.", + "items": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.match.ApplyTo", + "default": {} + }, + "type": "array" + }, + "location": { + "description": "Location describes the path to be mutated, for example: `spec.containers[name: main].args`.", + "type": "string" + }, + "match": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.match.Match", + "default": {}, + "description": "Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything." + }, + "parameters": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.ModifySetParameters", + "default": {}, + "description": "Parameters define the behavior of the mutator." + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.Parameters": { + "additionalProperties": false, + "properties": { + "assign": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.AssignField", + "default": {}, + "description": "Assign.value holds the value to be assigned" + }, + "pathTests": { + "items": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.PathTest", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.PathTest": { + "additionalProperties": false, + "description": "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`.\n\nAvailable Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate.", + "properties": { + "condition": { + "type": "string" + }, + "subPath": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.Values": { + "additionalProperties": false, + "description": "Values describes the values provided to the operation.", + "properties": { + "fromList": { + "items": { + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.frameworks.constraint.pkg.apis.externaldata.v1alpha1.ProviderSpec": { + "additionalProperties": false, + "description": "ProviderSpec defines the desired state of Provider.", + "properties": { + "caBundle": { + "description": "CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format. It is used to verify the signature of the provider's certificate.", + "type": "string" + }, + "insecureTLSSkipVerify": { + "description": "InsecureTLSSkipVerify skips the verification of Provider's certificate if enabled.", + "type": "boolean" + }, + "timeout": { + "description": "Timeout is the timeout when querying the provider.", + "format": "int32", + "type": "integer" + }, + "url": { + "description": "URL is the url for the provider. URL is prefixed with http:// or https://.", + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.CRD": { + "additionalProperties": false, + "properties": { + "spec": { + "$ref": "#/definitions/sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.CRDSpec", + "default": {} + } + }, + "type": "object" + }, + "sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.CRDSpec": { + "additionalProperties": false, + "properties": { + "names": { + "$ref": "#/definitions/sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.Names", + "default": {} + }, + "validation": { + "$ref": "#/definitions/sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.Validation" + } + }, + "type": "object" + }, + "sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.ConstraintTemplateSpec": { + "additionalProperties": false, + "description": "ConstraintTemplateSpec defines the desired state of ConstraintTemplate.", + "properties": { + "crd": { + "$ref": "#/definitions/sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.CRD", + "default": {} + }, + "targets": { + "items": { + "$ref": "#/definitions/sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.Target", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.Names": { + "additionalProperties": false, + "properties": { + "kind": { + "type": "string" + }, + "shortNames": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.Target": { + "additionalProperties": false, + "properties": { + "libs": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "rego": { + "type": "string" + }, + "target": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.Validation": { + "additionalProperties": false, + "properties": { + "legacySchema": { + "type": "boolean" + }, + "openAPIV3Schema": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + } + }, + "type": "object" + }, + "sh.gatekeeper.pkg.mutation.match.ApplyTo": { + "additionalProperties": false, + "description": "ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed.", + "properties": { + "groups": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "kinds": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "versions": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.pkg.mutation.match.Kinds": { + "additionalProperties": false, + "description": "Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.", + "properties": { + "apiGroups": { + "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "kinds": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.pkg.mutation.match.Match": { + "additionalProperties": false, + "description": "Match selects objects to apply mutations to.", + "properties": { + "excludedNamespaces": { + "description": "ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "kinds": { + "items": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.match.Kinds", + "default": {} + }, + "type": "array" + }, + "labelSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector." + }, + "name": { + "description": "Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", + "type": "string" + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace." + }, + "namespaces": { + "description": "Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "scope": { + "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", + "type": "string" + }, + "source": { + "description": "Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources.", + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.pkg.mutation.types.Anything": { + "description": "Anything is a struct wrapper around a field of type `interface{}` that plays nicely with controller-gen", + "type": "object" + } + }, + "properties": { + "assign": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.mutations.v1.Assign" + } + }, + "type": "object" + }, + "assignmetadata": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.mutations.v1.AssignMetadata" + } + }, + "type": "object" + }, + "configs": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.config.v1alpha1.Config" + } + }, + "type": "object" + }, + "constraintpodstatuses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.status.v1beta1.ConstraintPodStatus" + } + }, + "type": "object" + }, + "constrainttemplatepodstatuses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/" + } + }, + "type": "object" + }, + "constrainttemplates": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.ConstraintTemplate" + } + }, + "type": "object" + }, + "context": { + "description": "Any content which can be used for config rendering without schema defined by the chart", + "type": "object" + }, + "expansiontemplate": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.expansion.v1alpha1.ExpansionTemplate" + } + }, + "type": "object" + }, + "fullnameOverride": { + "anyOf": [ + { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + { + "type": "null" + } + ] + }, + "modifyset": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.mutations.v1.ModifySet" + } + }, + "type": "object" + }, + "mutatorpodstatuses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/" + } + }, + "type": "object" + }, + "providers": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.externaldata.v1alpha1.Provider" + } + }, + "type": "object" + }, + "settings": { + "additionalProperties": false, + "properties": { + "assign": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.mutations.v1.Assign" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "assignmetadata": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.mutations.v1.AssignMetadata" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "configs": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.config.v1alpha1.Config" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "constraintpodstatuses": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.status.v1beta1.ConstraintPodStatus" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "constrainttemplatepodstatuses": { + "properties": { + "defaults": { + "$ref": "#/definitions/" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "constrainttemplates": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.ConstraintTemplate" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "expansiontemplate": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.expansion.v1alpha1.ExpansionTemplate" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "global": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "modifyset": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.mutations.v1.ModifySet" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "mutatorpodstatuses": { + "properties": { + "defaults": { + "$ref": "#/definitions/" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "providers": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.externaldata.v1alpha1.Provider" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + } +} \ No newline at end of file diff --git a/charts/meta-gatekeeper/values.schema.json b/charts/meta-gatekeeper/values.schema.json new file mode 100644 index 0000000..a28dca3 --- /dev/null +++ b/charts/meta-gatekeeper/values.schema.json @@ -0,0 +1,1279 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": { + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ExternalDocumentation": { + "additionalProperties": false, + "properties": { + "description": { + "type": "string" + }, + "url": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON": {}, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps": { + "additionalProperties": false, + "properties": { + "$ref": { + "type": "string" + }, + "$schema": { + "type": "string" + }, + "additionalItems": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool" + }, + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool" + }, + "allOf": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "array" + }, + "anyOf": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "array" + }, + "default": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON" + }, + "definitions": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "object" + }, + "dependencies": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrStringArray" + }, + "type": "object" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON" + }, + "type": "array" + }, + "example": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON" + }, + "exclusiveMaximum": { + "type": "boolean" + }, + "exclusiveMinimum": { + "type": "boolean" + }, + "externalDocs": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ExternalDocumentation" + }, + "format": { + "type": "string" + }, + "id": { + "type": "string" + }, + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrArray" + }, + "maxItems": { + "format": "int64", + "type": "integer" + }, + "maxLength": { + "format": "int64", + "type": "integer" + }, + "maxProperties": { + "format": "int64", + "type": "integer" + }, + "maximum": { + "format": "double", + "type": "number" + }, + "minItems": { + "format": "int64", + "type": "integer" + }, + "minLength": { + "format": "int64", + "type": "integer" + }, + "minProperties": { + "format": "int64", + "type": "integer" + }, + "minimum": { + "format": "double", + "type": "number" + }, + "multipleOf": { + "format": "double", + "type": "number" + }, + "not": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "nullable": { + "type": "boolean" + }, + "oneOf": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "array" + }, + "pattern": { + "type": "string" + }, + "patternProperties": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "object" + }, + "properties": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "object" + }, + "required": { + "items": { + "type": "string" + }, + "type": "array" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + }, + "uniqueItems": { + "type": "boolean" + }, + "x-kubernetes-embedded-resource": { + "type": "boolean" + }, + "x-kubernetes-int-or-string": { + "type": "boolean" + }, + "x-kubernetes-list-map-keys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "x-kubernetes-list-type": { + "type": "string" + }, + "x-kubernetes-map-type": { + "type": "string" + }, + "x-kubernetes-preserve-unknown-fields": { + "type": "boolean" + }, + "x-kubernetes-validations": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ValidationRule" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "rule" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "rule", + "x-kubernetes-patch-strategy": "merge" + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrArray": {}, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool": {}, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrStringArray": {}, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ValidationRule": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + }, + "rule": { + "type": "string" + } + }, + "required": [ + "rule" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector": { + "additionalProperties": false, + "properties": { + "matchExpressions": { + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement", + "default": {} + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string", + "x-kubernetes-patch-merge-key": "key", + "x-kubernetes-patch-strategy": "merge" + }, + "operator": { + "default": "", + "type": "string" + }, + "values": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "metachart.api.meta.v1.ObjectMeta": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "checksums": { + "$ref": "#/definitions/metachart.interface.checksums" + }, + "finalizers": { + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-patch-strategy": "merge" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.apis.config.v1alpha1.Config": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.ConfigSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.apis.expansion.v1alpha1.ExpansionTemplate": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.gatekeeper.apis.expansion.v1alpha1.ExpansionTemplateSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.apis.mutations.v1.Assign": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.AssignSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.apis.mutations.v1.AssignMetadata": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.AssignMetadataSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.apis.mutations.v1.ModifySet": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.ModifySetSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.apis.status.v1beta1.ConstraintPodStatus": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.externaldata.v1alpha1.Provider": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.gatekeeper.frameworks.constraint.pkg.apis.externaldata.v1alpha1.ProviderSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.ConstraintTemplate": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.ConstraintTemplateSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.interface.FQDNitem": { + "pattern": "^[a-z][0-9a-z]*(-[0-9a-z]+)*$", + "type": "string" + }, + "metachart.interface.boolean": { + "type": "boolean" + }, + "metachart.interface.checksumEntryList": { + "anyOf": [ + { + "items": { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + "type": "array" + }, + { + "enum": [ + "*" + ] + } + ] + }, + "metachart.interface.checksums": { + "properties": { + "assign": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "assignmetadata": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "configs": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "constraintpodstatuses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "constrainttemplatepodstatuses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "constrainttemplates": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "expansiontemplate": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "modifyset": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "mutatorpodstatuses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "providers": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.ConfigSpec": { + "additionalProperties": false, + "properties": { + "match": { + "items": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.MatchEntry", + "default": {} + }, + "type": "array" + }, + "readiness": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.ReadinessSpec", + "default": {} + }, + "sync": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.Sync", + "default": {} + }, + "validation": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.Validation", + "default": {} + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.GVK": { + "additionalProperties": false, + "properties": { + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.MatchEntry": { + "additionalProperties": false, + "properties": { + "excludedNamespaces": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "processes": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.ReadinessSpec": { + "additionalProperties": false, + "properties": { + "statsEnabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.Sync": { + "additionalProperties": false, + "properties": { + "syncOnly": { + "items": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.SyncOnlyEntry", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.SyncOnlyEntry": { + "additionalProperties": false, + "properties": { + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.Trace": { + "additionalProperties": false, + "properties": { + "dump": { + "type": "string" + }, + "kind": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.GVK", + "default": {} + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.config.v1alpha1.Validation": { + "additionalProperties": false, + "properties": { + "traces": { + "items": { + "$ref": "#/definitions/sh.gatekeeper.apis.config.v1alpha1.Trace", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.expansion.v1alpha1.ExpansionTemplateSpec": { + "additionalProperties": false, + "properties": { + "applyTo": { + "items": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.match.ApplyTo", + "default": {} + }, + "type": "array" + }, + "enforcementAction": { + "type": "string" + }, + "generatedGVK": { + "$ref": "#/definitions/sh.gatekeeper.apis.expansion.v1alpha1.GeneratedGVK", + "default": {} + }, + "templateSource": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.expansion.v1alpha1.GeneratedGVK": { + "additionalProperties": false, + "properties": { + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.AssignField": { + "additionalProperties": false, + "properties": { + "externalData": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.ExternalData" + }, + "fromMetadata": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.FromMetadata" + }, + "value": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.types.Anything" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.AssignMetadataSpec": { + "additionalProperties": false, + "properties": { + "location": { + "type": "string" + }, + "match": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.match.Match", + "default": {} + }, + "parameters": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.MetadataParameters", + "default": {} + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.AssignSpec": { + "additionalProperties": false, + "properties": { + "applyTo": { + "items": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.match.ApplyTo", + "default": {} + }, + "type": "array" + }, + "location": { + "type": "string" + }, + "match": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.match.Match", + "default": {} + }, + "parameters": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.Parameters", + "default": {} + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.ExternalData": { + "additionalProperties": false, + "properties": { + "dataSource": { + "type": "string" + }, + "default": { + "type": "string" + }, + "failurePolicy": { + "type": "string" + }, + "provider": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.FromMetadata": { + "additionalProperties": false, + "properties": { + "field": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.MetadataParameters": { + "additionalProperties": false, + "properties": { + "assign": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.AssignField", + "default": {} + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.ModifySetParameters": { + "additionalProperties": false, + "properties": { + "operation": { + "type": "string" + }, + "pathTests": { + "items": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.PathTest", + "default": {} + }, + "type": "array" + }, + "values": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.Values", + "default": {} + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.ModifySetSpec": { + "additionalProperties": false, + "properties": { + "applyTo": { + "items": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.match.ApplyTo", + "default": {} + }, + "type": "array" + }, + "location": { + "type": "string" + }, + "match": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.match.Match", + "default": {} + }, + "parameters": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.ModifySetParameters", + "default": {} + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.Parameters": { + "additionalProperties": false, + "properties": { + "assign": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.AssignField", + "default": {} + }, + "pathTests": { + "items": { + "$ref": "#/definitions/sh.gatekeeper.apis.mutations.v1.PathTest", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.PathTest": { + "additionalProperties": false, + "properties": { + "condition": { + "type": "string" + }, + "subPath": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.apis.mutations.v1.Values": { + "additionalProperties": false, + "properties": { + "fromList": { + "items": { + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.frameworks.constraint.pkg.apis.externaldata.v1alpha1.ProviderSpec": { + "additionalProperties": false, + "properties": { + "caBundle": { + "type": "string" + }, + "insecureTLSSkipVerify": { + "type": "boolean" + }, + "timeout": { + "format": "int32", + "type": "integer" + }, + "url": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.CRD": { + "additionalProperties": false, + "properties": { + "spec": { + "$ref": "#/definitions/sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.CRDSpec", + "default": {} + } + }, + "type": "object" + }, + "sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.CRDSpec": { + "additionalProperties": false, + "properties": { + "names": { + "$ref": "#/definitions/sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.Names", + "default": {} + }, + "validation": { + "$ref": "#/definitions/sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.Validation" + } + }, + "type": "object" + }, + "sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.ConstraintTemplateSpec": { + "additionalProperties": false, + "properties": { + "crd": { + "$ref": "#/definitions/sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.CRD", + "default": {} + }, + "targets": { + "items": { + "$ref": "#/definitions/sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.Target", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.Names": { + "additionalProperties": false, + "properties": { + "kind": { + "type": "string" + }, + "shortNames": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.Target": { + "additionalProperties": false, + "properties": { + "libs": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "rego": { + "type": "string" + }, + "target": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.Validation": { + "additionalProperties": false, + "properties": { + "legacySchema": { + "type": "boolean" + }, + "openAPIV3Schema": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + } + }, + "type": "object" + }, + "sh.gatekeeper.pkg.mutation.match.ApplyTo": { + "additionalProperties": false, + "properties": { + "groups": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "kinds": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "versions": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.pkg.mutation.match.Kinds": { + "additionalProperties": false, + "properties": { + "apiGroups": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "kinds": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "sh.gatekeeper.pkg.mutation.match.Match": { + "additionalProperties": false, + "properties": { + "excludedNamespaces": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "kinds": { + "items": { + "$ref": "#/definitions/sh.gatekeeper.pkg.mutation.match.Kinds", + "default": {} + }, + "type": "array" + }, + "labelSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "name": { + "type": "string" + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "namespaces": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "scope": { + "type": "string" + }, + "source": { + "type": "string" + } + }, + "type": "object" + }, + "sh.gatekeeper.pkg.mutation.types.Anything": { + "type": "object" + } + }, + "properties": { + "assign": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.mutations.v1.Assign" + } + }, + "type": "object" + }, + "assignmetadata": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.mutations.v1.AssignMetadata" + } + }, + "type": "object" + }, + "configs": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.config.v1alpha1.Config" + } + }, + "type": "object" + }, + "constraintpodstatuses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.status.v1beta1.ConstraintPodStatus" + } + }, + "type": "object" + }, + "constrainttemplatepodstatuses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/" + } + }, + "type": "object" + }, + "constrainttemplates": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.ConstraintTemplate" + } + }, + "type": "object" + }, + "context": { + "description": "Any content which can be used for config rendering without schema defined by the chart", + "type": "object" + }, + "expansiontemplate": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.expansion.v1alpha1.ExpansionTemplate" + } + }, + "type": "object" + }, + "fullnameOverride": { + "anyOf": [ + { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + { + "type": "null" + } + ] + }, + "modifyset": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.mutations.v1.ModifySet" + } + }, + "type": "object" + }, + "mutatorpodstatuses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/" + } + }, + "type": "object" + }, + "providers": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.externaldata.v1alpha1.Provider" + } + }, + "type": "object" + }, + "settings": { + "additionalProperties": false, + "properties": { + "assign": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.mutations.v1.Assign" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "assignmetadata": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.mutations.v1.AssignMetadata" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "configs": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.config.v1alpha1.Config" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "constraintpodstatuses": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.status.v1beta1.ConstraintPodStatus" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "constrainttemplatepodstatuses": { + "properties": { + "defaults": { + "$ref": "#/definitions/" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "constrainttemplates": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.templates.v1.ConstraintTemplate" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "expansiontemplate": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.expansion.v1alpha1.ExpansionTemplate" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "global": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "modifyset": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.apis.mutations.v1.ModifySet" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "mutatorpodstatuses": { + "properties": { + "defaults": { + "$ref": "#/definitions/" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "providers": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.gatekeeper.frameworks.constraint.pkg.apis.externaldata.v1alpha1.Provider" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + } +} \ No newline at end of file diff --git a/charts/meta-gatekeeper/values.yaml b/charts/meta-gatekeeper/values.yaml new file mode 100644 index 0000000..a4840db --- /dev/null +++ b/charts/meta-gatekeeper/values.yaml @@ -0,0 +1,10 @@ +# context can be used to define any user-provided structure to use in values +# templating +context: {} + +# fullnameOverride overrides value of $.Release.Name for resources release name +# prefixes +fullnameOverride: + +# settings configures chart behaviour +settings: {} diff --git a/charts/meta-karpenter/.helmignore b/charts/meta-karpenter/.helmignore new file mode 100644 index 0000000..7f28c89 --- /dev/null +++ b/charts/meta-karpenter/.helmignore @@ -0,0 +1,3 @@ +config/* +values.schema.full.json +values.example.yaml diff --git a/charts/meta-karpenter/Chart.yaml b/charts/meta-karpenter/Chart.yaml new file mode 100644 index 0000000..3c9eecf --- /dev/null +++ b/charts/meta-karpenter/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: metachart +description: Metachart born Helm Chart for karpenter resources +type: application +version: "0.19.1" +appVersion: none diff --git a/charts/meta-karpenter/README.md b/charts/meta-karpenter/README.md new file mode 100644 index 0000000..768cd36 --- /dev/null +++ b/charts/meta-karpenter/README.md @@ -0,0 +1,47 @@ +# meta-karpenter + +`meta-karpenter` is a [metachart](https://github.com/iponweb/metachart) +born [Helm](https://helm.sh/) Chart for +[karpenter](https://github.com/aws/karpenter) +operator custom resources + +## Quickstart + +Add the [Helm](https://helm.sh/) repository: + +```shell +helm repo add iponweb https://iponweb.github.io/charts +``` + +Add the [values.schema.json](values.schema.json) file to your favourite IDE +to enable values file autocompletion and validation. +Examples: +- [IntelliJ IDEA](https://www.jetbrains.com/help/idea/json.html#ws_json_schema_add_custom) +- [Visual Studio Code](https://code.visualstudio.com/docs/languages/json#_json-schemas-and-settings) +- [Sublime Text](https://github.com/sublimelsp/LSP-json) + +Define `values.yaml` with required resources and install the release: + +```shell +helm install release-name -f values.yaml iponweb/meta-karpenter +``` + +See also [values.example.yaml](values.example.yaml) + +## Documentation + +For complete resources list support see [resources](docs/resources.md). + +See the `metachart` [Documentation](https://github.com/iponweb/metachart/docs) +for more details. + +## Requirements + +Minimal supported [Helm](https://helm.sh/) version is `v3.2.0`. + +## Versioning + +Chart major and minor version parts follow +[karpenter](https://github.com/aws/karpenter) +versions which has been used for the chart generation. Patch component is used +for charts own changes/fixes. diff --git a/charts/meta-karpenter/config/resources.yaml b/charts/meta-karpenter/config/resources.yaml new file mode 100644 index 0000000..9197894 --- /dev/null +++ b/charts/meta-karpenter/config/resources.yaml @@ -0,0 +1,9 @@ +resources: + awsnodetemplate: + apiVersion: karpenter.k8s.aws/v1alpha1 + kind: AWSNodeTemplate + jsonSchemaRef: metachart.api.sh.karpenter.pkg.apis.v1alpha1.AWSNodeTemplate + provisioners: + apiVersion: karpenter.sh/v1alpha5 + kind: Provisioner + jsonSchemaRef: metachart.api.sh.karpenter.pkg.apis.v1alpha5.Provisioner diff --git a/charts/meta-karpenter/config/schema.yaml b/charts/meta-karpenter/config/schema.yaml new file mode 100644 index 0000000..c08956d --- /dev/null +++ b/charts/meta-karpenter/config/schema.yaml @@ -0,0 +1,40 @@ +.defaults: + disallowed: &defaultDisallowed + - status + - kind + - apiVersion + properties: &defaultProperties + enabled: metachart.interface.boolean + metadata: metachart.api.meta.v1.ObjectMeta + rootKey: &defaultRootKey + disallowed: *defaultDisallowed + properties: *defaultProperties + +definitions: + - https://raw.githubusercontent.com/iponweb/schemas/main/json-schemas/kubernetes/v1.25.2-strict/_definitions.json + - https://raw.githubusercontent.com/iponweb/schemas/main/json-schemas/karpenter/v0.19.1-strict/_definitions.json + +rules: + #: Common + #: + #: meta.v1.ObjectMeta + - target: metachart.api.meta.v1.ObjectMeta + source: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + allowed: + - annotations + - labels + - finalizers + - namespace + - name + properties: + checksums: metachart.interface.checksums + + #: karpenter.k8s.aws/v1alpha1 + - target: metachart.api.sh.karpenter.pkg.apis.v1alpha1.AWSNodeTemplate + source: sh.karpenter.pkg.apis.v1alpha1.AWSNodeTemplate + <<: *defaultRootKey + + #: karpenter.sh/v1alpha5 + - target: metachart.api.sh.karpenter.pkg.apis.v1alpha5.Provisioner + source: sh.karpenter.pkg.apis.v1alpha5.Provisioner + <<: *defaultRootKey diff --git a/charts/meta-karpenter/config/values.schema.custom.json b/charts/meta-karpenter/config/values.schema.custom.json new file mode 100644 index 0000000..64c007d --- /dev/null +++ b/charts/meta-karpenter/config/values.schema.custom.json @@ -0,0 +1,5 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": {} +} diff --git a/charts/meta-karpenter/docs/resources.md b/charts/meta-karpenter/docs/resources.md new file mode 100644 index 0000000..eef1507 --- /dev/null +++ b/charts/meta-karpenter/docs/resources.md @@ -0,0 +1,16 @@ +# Resources + +A set of resources supported by the chart + +## karpenter.k8s.aws/v1alpha1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| awsnodetemplate | AWSNodeTemplate | - | + + +## karpenter.sh/v1alpha5 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| provisioners | Provisioner | - | \ No newline at end of file diff --git a/charts/meta-karpenter/templates/_custom.tpl b/charts/meta-karpenter/templates/_custom.tpl new file mode 100644 index 0000000..e69de29 diff --git a/charts/meta-karpenter/templates/_metachart.tpl b/charts/meta-karpenter/templates/_metachart.tpl new file mode 100644 index 0000000..d633212 --- /dev/null +++ b/charts/meta-karpenter/templates/_metachart.tpl @@ -0,0 +1,639 @@ +{{/* +Create a default fully qualified app name. +Truncate at 63 chars because some Kubernetes name fields are limited to this +(by the DNS naming spec). +Use only helm release name because helm chart is made to be used by different +kinds of applications. + +Return: string +*/}} +{{- define "metachart.fullname" -}} +{{- if $.Values.fullnameOverride }} +{{- $.Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $.Release.Name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Compute chart name-version to be used by the chart label + +Return: string +*/}} +{{- define "metachart.chart" -}} +{{- printf "%s-%s" $.Chart.Name $.Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Compute Chart labels + +Return: dict in json format +*/}} +{{- define "metachart.chartLabels" -}} +{{- $result := dict + "helm.sh/chart" (include "metachart.chart" $) + "app.kubernetes.io/instance" $.Release.Name + "app.kubernetes.io/managed-by" $.Release.Service +}} +{{- if $.Chart.AppVersion }} + {{- $_ := set $result "app.kubernetes.io/version" $.Chart.AppVersion }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Label selector to determine if a resource belongs to a component. Only +necessary and sufficient set of labels is used. + +Params: + + component : str - Component value which the resource belongs to + +Return: dict in json format +*/}} +{{- define "metachart.selectorLabels" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $component := default nil $params.component }} +{{- /* Execution */}} +{{- $result := dict "app.kubernetes.io/instance" $.Release.Name }} +{{- with $component }} + {{- $_ := set $result "app.kubernetes.io/component" $component}} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Compute resource labels + +Params: + + definition : dict - Resource definition + component : str - Resource component value + relatedComponent : str - Related resource component value + +Return: dict in json format +*/}} +{{- define "metachart.resourceLabels" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $component := default nil $params.component }} +{{- $relatedComponent := default nil $params.relatedComponent }} +{{- /* Execution */}} +{{- $resourceMeta := default dict $definition.metadata }} +{{- $chartLabels := include "metachart.chartLabels" $context | fromJson }} +{{- $globalLabels := default dict (default dict (default dict $.Values.settings).global).labels | deepCopy }} +{{- $resourceLabels := default dict $resourceMeta.labels | deepCopy }} +{{- if $relatedComponent }} + {{- $_ := set $chartLabels "app.kubernetes.io/component" $relatedComponent}} +{{- else if $component }} + {{- $_ := set $chartLabels "app.kubernetes.io/component" $component}} +{{- end }} +{{- /* Validate if forbidden labels are used */}} +{{- range $reservedLabel := keys $chartLabels }} + {{- if hasKey $globalLabels $reservedLabel }} + {{- required (printf "Label %s is reserved for internal usage and can not be overrided" $reservedLabel) "" }} + {{- end }} + {{- if hasKey $resourceLabels $reservedLabel }} + {{- required (printf "Label %s is reserved for internal usage and can not be overrided" $reservedLabel) "" }} + {{- end }} +{{- end }} +{{- $result := merge $resourceLabels $globalLabels $chartLabels }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Compute checksums annotations for a resource + +Params: + + definition : dict - Resource definition + +Return: dict in json format +*/}} +{{- define "metachart.resourceChecksumAnnotations" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- /* Execution */}} +{{- $result := dict }} +{{- $checksums := default dict (default dict $definition.metadata).checksums }} +{{- range $kind, $names := $checksums }} + {{- if $names }} + {{- if (kindIs "slice" $names) }} + {{- range $name := $names }} + {{- $_ := set $result (printf "checksum-%s-%s" $kind $name) (include "metachart.checksumSingle" (merge (dict "params" + (dict + "kind" $kind + "name" $name + )) $)) }} + {{- end }} + {{- else if eq $names "*" }} + {{- $_ := set $result (printf "checksum-%s" $kind) (include "metachart.checksumKinds" (merge (dict "params" + (dict + "kinds" (list $kind) + )) $)) }} + {{- end }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson}} +{{- end }} + +{{/* +Compute resource annotations + +Params: + + definition : dict - Resource definition + +Return: dict in json format +*/}} +{{- define "metachart.resourceAnnotations" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- /* Execution */}} +{{- $resourceMeta := default dict $definition.metadata }} +{{- $checksums := (include "metachart.resourceChecksumAnnotations" (merge (dict "params" $params) $context) | fromJson) }} +{{- $result := merge (default dict ($resourceMeta.annotations) | deepCopy) (default dict $.Values.annotations) $checksums }} +{{- /* Return */}} +{{- $result | toJson}} +{{- end }} + +{{/* +Compute resource ObjectMeta + +Params: + + definition : dict - Resource definition + name : string - Resource name as defined in the values file + nameSuffix : string - Suffix to be added to the resource name + withName : bool - Whether name key must be added (default: true) + withNameFullnamePrefix : bool - Whether fullname prefix must be added to the name (default: true) + +Return: dict in json format +*/}} +{{- define "metachart.resourceMeta" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $name := $params.name }} +{{- $nameSuffix := $params.nameSuffix }} +{{- $withName := (hasKey $params "withName" | ternary $params.withName true) }} +{{- $withNameFullnamePrefix := (hasKey $params "withNameFullnamePrefix" | ternary $params.withNameFullnamePrefix true) }} +{{- /* Execution */}} +{{- $resourceMeta := default dict $definition.metadata }} +{{- /* Execution */}} +{{- $result := omit $resourceMeta "labels" "annotations" "name" "checksums" }} +{{- $fullnamePrefix := "" }} +{{- if $withNameFullnamePrefix }} +{{- $fullnamePrefix = printf "%s-" (include "metachart.fullname" $context) }} +{{- end }} +{{- if $withName }} + {{- if $resourceMeta.name }} + {{- $_ := set $result "name" $resourceMeta.name }} + {{- else if $name }} + {{- if $nameSuffix }} + {{- $_ := set $result "name" (printf "%s%s-%s" $fullnamePrefix $name $nameSuffix) }} + {{- else }} + {{- $_ := set $result "name" (printf "%s%s" $fullnamePrefix $name) }} + {{- end }} + {{- else }} + {{- if $nameSuffix }} + {{- $_ := set $result "name" (printf "%s%s" $fullnamePrefix $nameSuffix) }} + {{- else }} + {{- $_ := set $result "name" (printf "%s" (include "metachart.fullname" $context)) }} + {{- end }} + {{- end }} +{{- end }} +{{- $_ := set $result "labels" (include "metachart.resourceLabels" (merge (dict "params" $params) $context) | fromJson) }} +{{- $_ = set $result "annotations" (include "metachart.resourceAnnotations" (merge (dict "params" $params) $context) | fromJson) }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Discover all string values and render them as templates + +Params: + + data : any - data to be processed + +Return: dict in json format +*/}} +{{- define "metachart.deepRender" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $data := ($params.data | deepCopy) }} +{{- /* Execution */}} +{{- if kindIs "string" $data }} + {{- $result := tpl $data $context }} + {{- /* Return */}} + {{- $result | toJson }} +{{- else if kindIs "map" $data }} + {{- $result := dict }} + {{- range $key, $value := $data }} + {{- if kindIs "string" $value }} + {{- $newValue := tpl $value $context }} + {{- $_ := set $result $key $newValue }} + {{- else if kindIs "map" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJson }} + {{- $_ := set $result $key $newValue }} + {{- else if kindIs "slice" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJsonArray }} + {{- $_ := set $result $key $newValue }} + {{- else }} + {{- $_ := set $result $key $value }} + {{- end }} + {{- end }} + {{- $result | toJson }} +{{- else if kindIs "slice" $data }} + {{- $result := list }} + {{- range $value := $data }} + {{- if kindIs "string" $value }} + {{- $newValue := tpl $value $context }} + {{- $result = append $result $newValue }} + {{- else if kindIs "map" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJson }} + {{- $result = append $result $newValue }} + {{- else if kindIs "slice" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJsonArray }} + {{- $result = append $result $newValue }} + {{- else }} + {{- $result = append $result $value }} + {{- end }} + {{- end }} + {{- /* Return */}} + {{- $result | toJson }} +{{- else }} + {{- $result := $data }} + {{- /* Return */}} + {{- $result | toJson }} +{{- end }} +{{- end }} + +{{/* +Deep merge like function which concats 2 slices if meets in instead of +override. This implementation takes into account that each of source and target +values can be none one of specific type or nil. + +Params: + + source : dict | slice - Merge from + target : dict | slice - Merge to + +Return: dict | slice in json format +*/}} +{{- define "metachart.mergeConcatLists" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $source := ($params.source | deepCopy) }} +{{- $target := ($params.target | deepCopy) }} +{{- /* Execution */}} +{{- $result := dict }} +{{- $keys := keys (default dict $source) (default dict $target) | uniq }} +{{- range $key := $keys }} + {{- $sourceValue := get $source $key }} + {{- $targetValue := get $target $key }} + {{- if or (kindIs "map" $sourceValue) (kindIs "map" $targetValue) }} + {{- /* Normalize types */}} + {{- if kindIs "map" $sourceValue }}{{- else }}{{- $sourceValue = dict }}{{- end }} + {{- if kindIs "map" $targetValue }}{{- else }}{{- $targetValue = dict }}{{- end }} + {{- $newValue := include "metachart.mergeConcatLists" (dict "params" (dict + "source" $sourceValue + "target" $targetValue + )) | fromJson }} + {{- $_ := set $result $key $newValue }} + {{- else if or (kindIs "slice" $sourceValue) (kindIs "slice" $targetValue) }} + {{- /* Normalize types */}} + {{- if kindIs "slice" $sourceValue }}{{- else }}{{- $sourceValue = list }}{{- end }} + {{- if kindIs "slice" $targetValue }}{{- else }}{{- $targetValue = list }}{{- end }} + {{- $newValue := concat $sourceValue $targetValue }} + {{- $_ := set $result $key $newValue }} + {{- else if hasKey $target $key }} + {{- $_ := set $result $key $targetValue }} + {{- else }} + {{- $_ := set $result $key $sourceValue }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Discover defaults for the specific kind and apply them to the resource + +Params: + + definition : dict - Resource definition + kind : string - Resource kind + +Return: dict in json format +*/}} +{{- define "metachart.setDefaults" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := ($params.definition | deepCopy) }} +{{- $kind := $params.kind }} +{{- $kindSettings := ternary (get $.Values.settings $kind) (dict) (hasKey (default dict $.Values.settings) $kind) }} +{{- /* Execution */}} +{{- $defaults := default dict $kindSettings.defaults }} +{{- include "metachart.mergeConcatLists" (dict "params" (dict + "source" $defaults + "target" $definition +)) }} +{{- end }} + +{{/* +Discover all available resources (standalone and related) of specific kind. +It takes into account: + +- If resource kind is not disable in settings +- If resource definition.enabled is not false + +Params: + + kind : string - Resource kind + +Return: dict in json format +*/}} +{{- define "metachart.discover" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $kind := $params.kind }} +{{- /* Execution */}} +{{- $result := dict }} +{{- $kindSettings := dict }} +{{- if hasKey (default dict $.Values.settings) $kind }} + {{- $kindSettings = get (default dict $.Values.settings) $kind }} +{{- end }} +{{- if not $kindSettings.disabled }} + {{- if hasKey $.Values $kind }} + {{- range $resourceName, $resourceDefinition := get $.Values $kind }} + {{- if (hasKey $resourceDefinition "enabled" | ternary $resourceDefinition.enabled true) }} + {{- $_ := set $result $resourceName $resourceDefinition}} + {{- end }} + {{- end }} + {{- end }} + {{- /* Discover related resources */}} + {{- $settingsKindAll := include "metachart.settings" $context | fromYaml | keys }} + {{- range $settingsKind := $settingsKindAll }} + {{- $resourceSettings := dict }} + {{- if hasKey (default dict $.Values.settings) $settingsKind }} + {{- $resourceSettings = get (default dict $.Values.settings) $settingsKind }} + {{- end }} + {{- if not $resourceSettings.disabled }} + {{- if hasKey $.Values $settingsKind }} + {{- range $resourceName, $resourceDefinition := get $.Values $settingsKind }} + {{- if (hasKey $resourceDefinition "enabled" | ternary $resourceDefinition.enabled true) }} + {{- $resourceRelated := default dict $resourceDefinition.related }} + {{- if hasKey $resourceRelated $kind }} + {{- range $name, $definition := get $resourceRelated $kind }} + {{- if hasKey $result $name }} + {{- fail (printf "Resource %s/%s defined in global and related scopes" $kind $name) }} + {{- else }} + {{- $patchedDefinition := $definition | deepCopy }} + {{- $_ := set $patchedDefinition "relatedComponent" (printf "%s-%s" $settingsKind $resourceName)}} + {{- $_ = set $result $name $patchedDefinition}} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Build a complete resource ready for rendering + +Params: + + name : string - Resource name as defined in the values file + kind : string - Resource kind + definition : dict - Resource definition + apiVersion : strint - Resource ApiVersion + kindCamelCase : string - Resource kind in CamelCase format + preprocess : bool - Whether the resource kind has a preprocessor + +Return: dict in json format +*/}} +{{- define "metachart.buildResource" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $name := $params.name }} +{{- $definition := $params.definition }} +{{- $apiVersion := $params.apiVersion }} +{{- $kindCamelCase := $params.kindCamelCase }} +{{- $preprocess := $params.preprocess }} +{{- $kind := $params.kind }} +{{- /* Execution */}} +{{- $component := (printf "%s-%s" $kind $name) }} +{{- $relatedComponent := $definition.relatedComponent }} +{{- $resource := dict + "apiVersion" $apiVersion + "kind" $kindCamelCase +}} +{{- $resource = merge $resource (omit ($definition | deepCopy) "enabled" "metadata" "related" "relatedComponent") }} +{{- $_ := set $resource "metadata" (include "metachart.resourceMeta" (merge (dict "params" + (dict + "definition" $definition + "name" $name + "component" $component + "relatedComponent" $relatedComponent + )) $context) | fromJson) }} +{{- /* Apply defaults */}} +{{- $resource = include "metachart.setDefaults" (merge (dict "params" + (dict + "definition" $resource + "kind" $kind + )) $context) | fromJson }} +{{- /* Preprocessing */}} +{{- $preprocessed := $resource }} +{{- if $preprocess }} + {{- $preprocessor := printf "metachart.preprocess.%s" $kind }} + {{- $preprocessed = include $preprocessor (merge (dict "params" + (dict + "definition" $resource + "name" $name + "component" $component + "relatedComponent" $relatedComponent + )) $context) | fromJson }} +{{- end }} +{{- /* Render */}} +{{- $result := include "metachart.deepRender" (merge (dict "params" (dict "data" $preprocessed)) $) | fromJson }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Render all release resources + +Return: yaml +*/}} +{{- define "metachart.renderAll" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- /* Execution */}} +{{- $kinds := (include "metachart.settings" $context) | fromYaml | keys }} +{{- $result := include "metachart.renderKinds" (merge (dict "params" + (dict + "kinds" $kinds + )) $) }} +{{- /* Return */}} +{{- $result }} +{{- end }} + +{{/* +Render specific resource kinds + +Params: + + kinds : slice - List of kinds + +Return: yaml +*/}} +{{- define "metachart.renderKinds" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $kinds := $params.kinds }} +{{- /* Execution */}} +{{- $result := "" }} +{{- range $kind := $kinds }} + {{- $settings := get (include "metachart.settings" $context | fromYaml) $kind }} + {{- range $name, $definition := (include "metachart.discover" (merge (dict "params" + (dict + "kind" $kind + )) $context) | fromJson) }} + {{- $rendered := include "metachart.buildResource" (merge (dict "params" + (dict + "kind" $kind + "apiVersion" $settings.apiVersion + "kindCamelCase" $settings.kindCamelCase + "name" $name + "definition" $definition + "preprocess" $settings.preprocess + )) $context) | fromJson | toYaml | nindent 0 }} + {{- $result = printf "%s---%s\n...\n" $result $rendered }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result }} +{{- end }} + +{{/* +Calculate checksum of resources of specific kind + +Params: + + kinds : slice - List of kinds + +Return: string +*/}} +{{- define "metachart.checksumKinds" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- /* Execution */}} +{{- $result := include "metachart.renderKinds" (merge (dict "params" + (dict + "params" $params + )) $) }} +{{- /* Return */}} +{{- $result | sha256sum }} +{{- end }} + +{{/* +Render single resource + +Params: + + name : string - Resource name as defined in the values file + kind : string - Resource kind + +Return: yaml +*/}} +{{- define "metachart.renderSingle" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $kind := $params.kind }} +{{- $name := $params.name }} +{{- /* Execution */}} +{{- $settings := get (include "metachart.settings" $context | fromYaml) $kind }} +{{- $definitionsAll := (include "metachart.discover" (merge (dict "params" + (dict + "kind" $kind + )) $context) | fromJson) }} +{{- if hasKey $definitionsAll $name }}{{- else }}{{- fail (printf "can not find resource %s/%s" $kind $name)}}{{- end }} +{{- $definition := get $definitionsAll $name }} +{{- $result := include "metachart.buildResource" (merge (dict "params" + (dict + "kind" $kind + "apiVersion" $settings.apiVersion + "kindCamelCase" $settings.kindCamelCase + "name" $name + "definition" $definition + "preprocess" $settings.preprocess + )) $context) | fromJson | toYaml | nindent 0 }} +{{- $result }} +{{- end }} + +{{/* +Calculate checksum of a specific resource + +Params: + + name : string - Resource name as defined in the values file + kind : string - Resource kind + +Return: string +*/}} +{{- define "metachart.checksumSingle" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- /* Execution */}} +{{- $result := include "metachart.renderSingle" (merge (dict "params" + (dict + "params" $params + )) $) }} +{{- /* Return */}} +{{- $result | sha256sum }} +{{- end }} diff --git a/charts/meta-karpenter/templates/generated/_settings.tpl b/charts/meta-karpenter/templates/generated/_settings.tpl new file mode 100644 index 0000000..ee654b3 --- /dev/null +++ b/charts/meta-karpenter/templates/generated/_settings.tpl @@ -0,0 +1,11 @@ +{{- /* Resources definition */}} +{{- define "metachart.settings" }} +awsnodetemplate: + apiVersion: karpenter.k8s.aws/v1alpha1 + kindCamelCase: AWSNodeTemplate + preprocess: false +provisioners: + apiVersion: karpenter.sh/v1alpha5 + kindCamelCase: Provisioner + preprocess: false +{{- end }} \ No newline at end of file diff --git a/charts/meta-karpenter/templates/resources.yaml b/charts/meta-karpenter/templates/resources.yaml new file mode 100644 index 0000000..017a652 --- /dev/null +++ b/charts/meta-karpenter/templates/resources.yaml @@ -0,0 +1 @@ +{{- include "metachart.renderAll" $ }} diff --git a/charts/meta-karpenter/values.example.yaml b/charts/meta-karpenter/values.example.yaml new file mode 100644 index 0000000..22edebc --- /dev/null +++ b/charts/meta-karpenter/values.example.yaml @@ -0,0 +1,28 @@ +#: +#: The values file explains how the scenario from the +#: https://karpenter.sh/v0.19.1/getting-started/getting-started-with-eksctl/ +#: can be done using the Chart +#: + +awsnodetemplate: + main: + spec: + subnetSelector: + karpenter.sh/discovery: ${CLUSTER_NAME} + securityGroupSelector: + karpenter.sh/discovery: ${CLUSTER_NAME} + +provisioners: + main: + spec: + requirements: + - key: karpenter.sh/capacity-type + operator: In + values: ["spot"] + limits: + resources: + cpu: "1000" + providerRef: + #: Reference to the previously defined `awsnodetemplate` resource + name: '{{ include "metachart.fullname" $ }}-main' + ttlSecondsAfterEmpty: 30 diff --git a/charts/meta-karpenter/values.schema.full.json b/charts/meta-karpenter/values.schema.full.json new file mode 100644 index 0000000..82a69d1 --- /dev/null +++ b/charts/meta-karpenter/values.schema.full.json @@ -0,0 +1,621 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": { + "io.k8s.api.core.v1.NodeSelectorRequirement": { + "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.\n\n", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Taint": { + "additionalProperties": false, + "description": "The node this Taint is attached to has the \"effect\" on any pod that does not tolerate the Taint.", + "properties": { + "effect": { + "description": "Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.\n\n", + "type": "string" + }, + "key": { + "description": "Required. The taint key to be applied to a node.", + "type": "string" + }, + "timeAdded": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", + "description": "TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints." + }, + "value": { + "description": "The taint value corresponding to the taint key.", + "type": "string" + } + }, + "required": [ + "key", + "effect" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.api.resource.Quantity": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Duration": { + "description": "Duration is a wrapper around time.Duration which supports correct marshaling to YAML and JSON. In particular, it marshals into strings, which can be used as map keys in json.", + "type": "string" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Time": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "format": "date-time", + "type": "string" + }, + "io.k8s.apimachinery.pkg.runtime.RawExtension": { + "description": "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.Object `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// External package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// On the wire, the JSON will look something like this:\n\n\t{\n\t\t\"kind\":\"MyAPIObject\",\n\t\t\"apiVersion\":\"v1\",\n\t\t\"myPlugin\": {\n\t\t\t\"kind\":\"PluginA\",\n\t\t\t\"aOption\":\"foo\",\n\t\t},\n\t}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", + "type": "object" + }, + "metachart.api.meta.v1.ObjectMeta": { + "additionalProperties": false, + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "checksums": { + "$ref": "#/definitions/metachart.interface.checksums" + }, + "finalizers": { + "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-patch-strategy": "merge" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "namespace": { + "description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", + "type": "string" + } + }, + "type": "object" + }, + "metachart.api.sh.karpenter.pkg.apis.v1alpha1.AWSNodeTemplate": { + "additionalProperties": false, + "description": "AWSNodeTemplate is the Schema for the AWSNodeTemplate API", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.karpenter.pkg.apis.v1alpha1.AWSNodeTemplateSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.sh.karpenter.pkg.apis.v1alpha5.Provisioner": { + "additionalProperties": false, + "description": "Provisioner is an alias type for additional validation", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.karpenter.core.pkg.apis.provisioning.v1alpha5.ProvisionerSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.interface.FQDNitem": { + "pattern": "^[a-z][0-9a-z]*(-[0-9a-z]+)*$", + "type": "string" + }, + "metachart.interface.boolean": { + "type": "boolean" + }, + "metachart.interface.checksumEntryList": { + "anyOf": [ + { + "items": { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + "type": "array" + }, + { + "enum": [ + "*" + ] + } + ] + }, + "metachart.interface.checksums": { + "properties": { + "awsnodetemplate": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "provisioners": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + } + }, + "type": "object" + }, + "sh.karpenter.core.pkg.apis.provisioning.v1alpha5.Consolidation": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "Enabled enables consolidation if it has been set", + "type": "boolean" + } + }, + "type": "object" + }, + "sh.karpenter.core.pkg.apis.provisioning.v1alpha5.KubeletConfiguration": { + "additionalProperties": false, + "description": "KubeletConfiguration defines args to be used when configuring kubelet on provisioned nodes. They are a subset of the upstream types, recognizing not all options may be supported. Wherever possible, the types and names should reflect the upstream kubelet types. https://pkg.go.dev/k8s.io/kubelet/config/v1beta1#KubeletConfiguration https://github.com/kubernetes/kubernetes/blob/9f82d81e55cafdedab619ea25cabf5d42736dacf/cmd/kubelet/app/options/options.go#L53", + "properties": { + "clusterDNS": { + "description": "clusterDNS is a list of IP addresses for the cluster DNS server. Note that not all providers may use all addresses.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "containerRuntime": { + "description": "ContainerRuntime is the container runtime to be used with your worker nodes.", + "type": "string" + }, + "evictionHard": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "EvictionHard is the map of signal names to quantities that define hard eviction thresholds", + "type": "object" + }, + "evictionMaxPodGracePeriod": { + "description": "EvictionMaxPodGracePeriod is the maximum allowed grace period (in seconds) to use when terminating pods in response to soft eviction thresholds being met.", + "format": "int32", + "type": "integer" + }, + "evictionSoft": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "EvictionSoft is the map of signal names to quantities that define soft eviction thresholds", + "type": "object" + }, + "evictionSoftGracePeriod": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration", + "default": 0 + }, + "description": "EvictionSoftGracePeriod is the map of signal names to quantities that define grace periods for each eviction signal", + "type": "object" + }, + "kubeReserved": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", + "default": {} + }, + "description": "KubeReserved contains resources reserved for Kubernetes system components.", + "type": "object" + }, + "maxPods": { + "description": "MaxPods is an override for the maximum number of pods that can run on a worker node instance.", + "format": "int32", + "type": "integer" + }, + "podsPerCore": { + "description": "PodsPerCore is an override for the number of pods that can run on a worker node instance based on the number of cpu cores. This value cannot exceed MaxPods, so, if MaxPods is a lower value, that value will be used.", + "format": "int32", + "type": "integer" + }, + "systemReserved": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", + "default": {} + }, + "description": "SystemReserved contains resources reserved for OS system daemons and kernel memory.", + "type": "object" + } + }, + "type": "object" + }, + "sh.karpenter.core.pkg.apis.provisioning.v1alpha5.Limits": { + "additionalProperties": false, + "description": "Limits define bounds on the resources being provisioned by Karpenter", + "properties": { + "resources": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", + "default": {} + }, + "description": "Resources contains all the allocatable resources that Karpenter supports for limiting.", + "type": "object" + } + }, + "type": "object" + }, + "sh.karpenter.core.pkg.apis.provisioning.v1alpha5.ProviderRef": { + "additionalProperties": false, + "properties": { + "apiVersion": { + "description": "API version of the referent", + "type": "string" + }, + "kind": { + "description": "Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\"", + "type": "string" + }, + "name": { + "description": "Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + } + }, + "type": "object" + }, + "sh.karpenter.core.pkg.apis.provisioning.v1alpha5.ProvisionerSpec": { + "additionalProperties": false, + "description": "ProvisionerSpec is the top level provisioner specification. Provisioners launch nodes in response to pods that are unschedulable. A single provisioner is capable of managing a diverse set of nodes. Node properties are determined from a combination of provisioner and pod scheduling constraints.", + "properties": { + "consolidation": { + "$ref": "#/definitions/sh.karpenter.core.pkg.apis.provisioning.v1alpha5.Consolidation", + "description": "Consolidation are the consolidation parameters" + }, + "kubeletConfiguration": { + "$ref": "#/definitions/sh.karpenter.core.pkg.apis.provisioning.v1alpha5.KubeletConfiguration", + "description": "KubeletConfiguration are options passed to the kubelet when provisioning nodes" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Labels are layered with Requirements and applied to every node.", + "type": "object" + }, + "limits": { + "$ref": "#/definitions/sh.karpenter.core.pkg.apis.provisioning.v1alpha5.Limits", + "description": "Limits define a set of bounds for provisioning capacity." + }, + "provider": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension", + "description": "Provider contains fields specific to your cloudprovider." + }, + "providerRef": { + "$ref": "#/definitions/sh.karpenter.core.pkg.apis.provisioning.v1alpha5.ProviderRef", + "description": "ProviderRef is a reference to a dedicated CRD for the chosen provider, that holds additional configuration options" + }, + "requirements": { + "description": "Requirements are layered with Labels and applied to every node.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorRequirement", + "default": {} + }, + "type": "array" + }, + "startupTaints": { + "description": "StartupTaints are taints that are applied to nodes upon startup which are expected to be removed automatically within a short period of time, typically by a DaemonSet that tolerates the taint. These are commonly used by daemonsets to allow initialization and enforce startup ordering. StartupTaints are ignored for provisioning purposes in that pods are not required to tolerate a StartupTaint in order to have nodes provisioned for them.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Taint", + "default": {} + }, + "type": "array" + }, + "taints": { + "description": "Taints will be applied to every node launched by the Provisioner. If specified, the provisioner will not provision nodes for pods that do not have matching tolerations. Additional taints will be created that match pod tolerations on a per-node basis.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Taint", + "default": {} + }, + "type": "array" + }, + "ttlSecondsAfterEmpty": { + "description": "TTLSecondsAfterEmpty is the number of seconds the controller will wait before attempting to delete a node, measured from when the node is detected to be empty. A Node is considered to be empty when it does not have pods scheduled to it, excluding daemonsets.\n\nTermination due to no utilization is disabled if this field is not set.", + "format": "int64", + "type": "integer" + }, + "ttlSecondsUntilExpired": { + "description": "TTLSecondsUntilExpired is the number of seconds the controller will wait before terminating a node, measured from when the node is created. This is useful to implement features like eventually consistent node upgrade, memory leak protection, and disruption testing.\n\nTermination due to expiration is disabled if this field is not set.", + "format": "int64", + "type": "integer" + }, + "weight": { + "description": "Weight is the priority given to the provisioner during scheduling. A higher numerical weight indicates that this provisioner will be ordered ahead of other provisioners with lower weights. A provisioner with no weight will be treated as if it is a provisioner with a weight of 0.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "sh.karpenter.pkg.apis.v1alpha1.AWSNodeTemplateSpec": { + "additionalProperties": false, + "description": "AWSNodeTemplateSpec is the top level specification for the AWS Karpenter Provider. This will contain configuration necessary to launch instances in AWS.", + "properties": { + "amiFamily": { + "description": "AMIFamily is the AMI family that instances use.", + "type": "string" + }, + "amiSelector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "AMISelector discovers AMIs to be used by Amazon EC2 tags.", + "type": "object" + }, + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "blockDeviceMappings": { + "description": "BlockDeviceMappings to be applied to provisioned nodes.", + "items": { + "$ref": "#/definitions/sh.karpenter.pkg.apis.v1alpha1.BlockDeviceMapping" + }, + "type": "array" + }, + "context": { + "description": "Context is a Reserved field in EC2 APIs https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet.html", + "type": "string" + }, + "instanceProfile": { + "description": "InstanceProfile is the AWS identity that instances use.", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "launchTemplate": { + "description": "LaunchTemplateName for the node. If not specified, a launch template will be generated. NOTE: This field is for specifying a custom launch template and is exposed in the Spec as `launchTemplate` for backwards compatibility.", + "type": "string" + }, + "metadataOptions": { + "$ref": "#/definitions/sh.karpenter.pkg.apis.v1alpha1.MetadataOptions", + "description": "MetadataOptions for the generated launch template of provisioned nodes.\n\nThis specifies the exposure of the Instance Metadata Service to provisioned EC2 nodes. For more information, see Instance Metadata and User Data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) in the Amazon Elastic Compute Cloud User Guide.\n\nRefer to recommended, security best practices (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) for limiting exposure of Instance Metadata and User Data to pods. If omitted, defaults to httpEndpoint enabled, with httpProtocolIPv6 disabled, with httpPutResponseLimit of 2, and with httpTokens required." + }, + "securityGroupSelector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "SecurityGroups specify the names of the security groups.", + "type": "object" + }, + "subnetSelector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "SubnetSelector discovers subnets by tags. A value of \"\" is a wildcard.", + "type": "object" + }, + "tags": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Tags to be applied on ec2 resources like instances and launch templates.", + "type": "object" + }, + "userData": { + "description": "UserData to be applied to the provisioned nodes. It must be in the appropriate format based on the AMIFamily in use. Karpenter will merge certain fields into this UserData to ensure nodes are being provisioned with the correct configuration.", + "type": "string" + } + }, + "type": "object" + }, + "sh.karpenter.pkg.apis.v1alpha1.BlockDevice": { + "additionalProperties": false, + "properties": { + "deleteOnTermination": { + "description": "DeleteOnTermination indicates whether the EBS volume is deleted on instance termination.", + "type": "boolean" + }, + "encrypted": { + "description": "Encrypted indicates whether the EBS volume is encrypted. Encrypted volumes can only be attached to instances that support Amazon EBS encryption. If you are creating a volume from a snapshot, you can't specify an encryption value.", + "type": "boolean" + }, + "iops": { + "description": "IOPS is the number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n * gp3: 3,000-16,000 IOPS\n\n * io1: 100-64,000 IOPS\n\n * io2: 100-64,000 IOPS\n\nFor io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). Other instance families guarantee performance up to 32,000 IOPS.\n\nThis parameter is supported for io1, io2, and gp3 volumes only. This parameter is not supported for gp2, st1, sc1, or standard volumes.", + "format": "int64", + "type": "integer" + }, + "kmsKeyID": { + "description": "KMSKeyID (ARN) of the symmetric Key Management Service (KMS) CMK used for encryption.", + "type": "string" + }, + "snapshotID": { + "description": "SnapshotID is the ID of an EBS snapshot", + "type": "string" + }, + "throughput": { + "description": "Throughput to provision for a gp3 volume, with a maximum of 1,000 MiB/s. Valid Range: Minimum value of 125. Maximum value of 1000.", + "format": "int64", + "type": "integer" + }, + "volumeSize": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", + "description": "VolumeSize in GiBs. You must specify either a snapshot ID or a volume size. The following are the supported volumes sizes for each volume type:\n\n * gp2 and gp3: 1-16,384\n\n * io1 and io2: 4-16,384\n\n * st1 and sc1: 125-16,384\n\n * standard: 1-1,024" + }, + "volumeType": { + "description": "VolumeType of the block device. For more information, see Amazon EBS volume types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the Amazon Elastic Compute Cloud User Guide.", + "type": "string" + } + }, + "type": "object" + }, + "sh.karpenter.pkg.apis.v1alpha1.BlockDeviceMapping": { + "additionalProperties": false, + "properties": { + "deviceName": { + "description": "The device name (for example, /dev/sdh or xvdh).", + "type": "string" + }, + "ebs": { + "$ref": "#/definitions/sh.karpenter.pkg.apis.v1alpha1.BlockDevice", + "description": "EBS contains parameters used to automatically set up EBS volumes when an instance is launched." + } + }, + "type": "object" + }, + "sh.karpenter.pkg.apis.v1alpha1.MetadataOptions": { + "additionalProperties": false, + "description": "MetadataOptions contains parameters for specifying the exposure of the Instance Metadata Service to provisioned EC2 nodes.", + "properties": { + "httpEndpoint": { + "description": "HTTPEndpoint enables or disables the HTTP metadata endpoint on provisioned nodes. If metadata options is non-nil, but this parameter is not specified, the default state is \"enabled\".\n\nIf you specify a value of \"disabled\", instance metadata will not be accessible on the node.", + "type": "string" + }, + "httpProtocolIPv6": { + "description": "HTTPProtocolIPv6 enables or disables the IPv6 endpoint for the instance metadata service on provisioned nodes. If metadata options is non-nil, but this parameter is not specified, the default state is \"disabled\".", + "type": "string" + }, + "httpPutResponseHopLimit": { + "description": "HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Possible values are integers from 1 to 64. If metadata options is non-nil, but this parameter is not specified, the default value is 1.", + "format": "int64", + "type": "integer" + }, + "httpTokens": { + "description": "HTTPTokens determines the state of token usage for instance metadata requests. If metadata options is non-nil, but this parameter is not specified, the default state is \"optional\".\n\nIf the state is optional, one can choose to retrieve instance metadata with or without a signed token header on the request. If one retrieves the IAM role credentials without a token, the version 1.0 role credentials are returned. If one retrieves the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned.\n\nIf the state is \"required\", one must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns the version 2.0 credentials; the version 1.0 credentials are not available.", + "type": "string" + } + }, + "type": "object" + } + }, + "properties": { + "awsnodetemplate": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.karpenter.pkg.apis.v1alpha1.AWSNodeTemplate" + } + }, + "type": "object" + }, + "context": { + "description": "Any content which can be used for config rendering without schema defined by the chart", + "type": "object" + }, + "fullnameOverride": { + "anyOf": [ + { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + { + "type": "null" + } + ] + }, + "provisioners": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.karpenter.pkg.apis.v1alpha5.Provisioner" + } + }, + "type": "object" + }, + "settings": { + "additionalProperties": false, + "properties": { + "awsnodetemplate": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.karpenter.pkg.apis.v1alpha1.AWSNodeTemplate" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "global": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "provisioners": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.karpenter.pkg.apis.v1alpha5.Provisioner" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + } +} \ No newline at end of file diff --git a/charts/meta-karpenter/values.schema.json b/charts/meta-karpenter/values.schema.json new file mode 100644 index 0000000..4944558 --- /dev/null +++ b/charts/meta-karpenter/values.schema.json @@ -0,0 +1,542 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": { + "io.k8s.api.core.v1.NodeSelectorRequirement": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Taint": { + "additionalProperties": false, + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "timeAdded": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "effect" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.api.resource.Quantity": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Duration": { + "type": "string" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Time": { + "format": "date-time", + "type": "string" + }, + "io.k8s.apimachinery.pkg.runtime.RawExtension": { + "type": "object" + }, + "metachart.api.meta.v1.ObjectMeta": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "checksums": { + "$ref": "#/definitions/metachart.interface.checksums" + }, + "finalizers": { + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-patch-strategy": "merge" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "metachart.api.sh.karpenter.pkg.apis.v1alpha1.AWSNodeTemplate": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.karpenter.pkg.apis.v1alpha1.AWSNodeTemplateSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.sh.karpenter.pkg.apis.v1alpha5.Provisioner": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/sh.karpenter.core.pkg.apis.provisioning.v1alpha5.ProvisionerSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.interface.FQDNitem": { + "pattern": "^[a-z][0-9a-z]*(-[0-9a-z]+)*$", + "type": "string" + }, + "metachart.interface.boolean": { + "type": "boolean" + }, + "metachart.interface.checksumEntryList": { + "anyOf": [ + { + "items": { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + "type": "array" + }, + { + "enum": [ + "*" + ] + } + ] + }, + "metachart.interface.checksums": { + "properties": { + "awsnodetemplate": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "provisioners": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + } + }, + "type": "object" + }, + "sh.karpenter.core.pkg.apis.provisioning.v1alpha5.Consolidation": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "sh.karpenter.core.pkg.apis.provisioning.v1alpha5.KubeletConfiguration": { + "additionalProperties": false, + "properties": { + "clusterDNS": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "containerRuntime": { + "type": "string" + }, + "evictionHard": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "evictionMaxPodGracePeriod": { + "format": "int32", + "type": "integer" + }, + "evictionSoft": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "evictionSoftGracePeriod": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration", + "default": 0 + }, + "type": "object" + }, + "kubeReserved": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", + "default": {} + }, + "type": "object" + }, + "maxPods": { + "format": "int32", + "type": "integer" + }, + "podsPerCore": { + "format": "int32", + "type": "integer" + }, + "systemReserved": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", + "default": {} + }, + "type": "object" + } + }, + "type": "object" + }, + "sh.karpenter.core.pkg.apis.provisioning.v1alpha5.Limits": { + "additionalProperties": false, + "properties": { + "resources": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", + "default": {} + }, + "type": "object" + } + }, + "type": "object" + }, + "sh.karpenter.core.pkg.apis.provisioning.v1alpha5.ProviderRef": { + "additionalProperties": false, + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "sh.karpenter.core.pkg.apis.provisioning.v1alpha5.ProvisionerSpec": { + "additionalProperties": false, + "properties": { + "consolidation": { + "$ref": "#/definitions/sh.karpenter.core.pkg.apis.provisioning.v1alpha5.Consolidation" + }, + "kubeletConfiguration": { + "$ref": "#/definitions/sh.karpenter.core.pkg.apis.provisioning.v1alpha5.KubeletConfiguration" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "limits": { + "$ref": "#/definitions/sh.karpenter.core.pkg.apis.provisioning.v1alpha5.Limits" + }, + "provider": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "providerRef": { + "$ref": "#/definitions/sh.karpenter.core.pkg.apis.provisioning.v1alpha5.ProviderRef" + }, + "requirements": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorRequirement", + "default": {} + }, + "type": "array" + }, + "startupTaints": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Taint", + "default": {} + }, + "type": "array" + }, + "taints": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Taint", + "default": {} + }, + "type": "array" + }, + "ttlSecondsAfterEmpty": { + "format": "int64", + "type": "integer" + }, + "ttlSecondsUntilExpired": { + "format": "int64", + "type": "integer" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "sh.karpenter.pkg.apis.v1alpha1.AWSNodeTemplateSpec": { + "additionalProperties": false, + "properties": { + "amiFamily": { + "type": "string" + }, + "amiSelector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "apiVersion": { + "type": "string" + }, + "blockDeviceMappings": { + "items": { + "$ref": "#/definitions/sh.karpenter.pkg.apis.v1alpha1.BlockDeviceMapping" + }, + "type": "array" + }, + "context": { + "type": "string" + }, + "instanceProfile": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "launchTemplate": { + "type": "string" + }, + "metadataOptions": { + "$ref": "#/definitions/sh.karpenter.pkg.apis.v1alpha1.MetadataOptions" + }, + "securityGroupSelector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "subnetSelector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "tags": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "userData": { + "type": "string" + } + }, + "type": "object" + }, + "sh.karpenter.pkg.apis.v1alpha1.BlockDevice": { + "additionalProperties": false, + "properties": { + "deleteOnTermination": { + "type": "boolean" + }, + "encrypted": { + "type": "boolean" + }, + "iops": { + "format": "int64", + "type": "integer" + }, + "kmsKeyID": { + "type": "string" + }, + "snapshotID": { + "type": "string" + }, + "throughput": { + "format": "int64", + "type": "integer" + }, + "volumeSize": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "volumeType": { + "type": "string" + } + }, + "type": "object" + }, + "sh.karpenter.pkg.apis.v1alpha1.BlockDeviceMapping": { + "additionalProperties": false, + "properties": { + "deviceName": { + "type": "string" + }, + "ebs": { + "$ref": "#/definitions/sh.karpenter.pkg.apis.v1alpha1.BlockDevice" + } + }, + "type": "object" + }, + "sh.karpenter.pkg.apis.v1alpha1.MetadataOptions": { + "additionalProperties": false, + "properties": { + "httpEndpoint": { + "type": "string" + }, + "httpProtocolIPv6": { + "type": "string" + }, + "httpPutResponseHopLimit": { + "format": "int64", + "type": "integer" + }, + "httpTokens": { + "type": "string" + } + }, + "type": "object" + } + }, + "properties": { + "awsnodetemplate": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.karpenter.pkg.apis.v1alpha1.AWSNodeTemplate" + } + }, + "type": "object" + }, + "context": { + "description": "Any content which can be used for config rendering without schema defined by the chart", + "type": "object" + }, + "fullnameOverride": { + "anyOf": [ + { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + { + "type": "null" + } + ] + }, + "provisioners": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.sh.karpenter.pkg.apis.v1alpha5.Provisioner" + } + }, + "type": "object" + }, + "settings": { + "additionalProperties": false, + "properties": { + "awsnodetemplate": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.karpenter.pkg.apis.v1alpha1.AWSNodeTemplate" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "global": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "provisioners": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.sh.karpenter.pkg.apis.v1alpha5.Provisioner" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + } +} \ No newline at end of file diff --git a/charts/meta-karpenter/values.yaml b/charts/meta-karpenter/values.yaml new file mode 100644 index 0000000..a4840db --- /dev/null +++ b/charts/meta-karpenter/values.yaml @@ -0,0 +1,10 @@ +# context can be used to define any user-provided structure to use in values +# templating +context: {} + +# fullnameOverride overrides value of $.Release.Name for resources release name +# prefixes +fullnameOverride: + +# settings configures chart behaviour +settings: {} diff --git a/charts/meta-prometheus-operator/.helmignore b/charts/meta-prometheus-operator/.helmignore new file mode 100644 index 0000000..7f28c89 --- /dev/null +++ b/charts/meta-prometheus-operator/.helmignore @@ -0,0 +1,3 @@ +config/* +values.schema.full.json +values.example.yaml diff --git a/charts/meta-prometheus-operator/Chart.yaml b/charts/meta-prometheus-operator/Chart.yaml new file mode 100644 index 0000000..aab3c87 --- /dev/null +++ b/charts/meta-prometheus-operator/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: meta-prometheus-operator +description: Metachart born Helm Chart for prometheus-operator resources +type: application +version: "0.60.1" +appVersion: none diff --git a/charts/meta-prometheus-operator/README.md b/charts/meta-prometheus-operator/README.md new file mode 100644 index 0000000..2ac99b3 --- /dev/null +++ b/charts/meta-prometheus-operator/README.md @@ -0,0 +1,47 @@ +# meta-prometheus-operator + +`meta-prometheus-operator` is a [metachart](https://github.com/iponweb/metachart) +born [Helm](https://helm.sh/) Chart for +[prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) +operator custom resources + +## Quickstart + +Add the [Helm](https://helm.sh/) repository: + +```shell +helm repo add iponweb https://iponweb.github.io/charts +``` + +Add the [values.schema.json](values.schema.json) file to your favourite IDE +to enable values file autocompletion and validation. +Examples: +- [IntelliJ IDEA](https://www.jetbrains.com/help/idea/json.html#ws_json_schema_add_custom) +- [Visual Studio Code](https://code.visualstudio.com/docs/languages/json#_json-schemas-and-settings) +- [Sublime Text](https://github.com/sublimelsp/LSP-json) + +Define `values.yaml` with required resources and install the release: + +```shell +helm install release-name -f values.yaml iponweb/meta-prometheus-operator +``` + +See also [values.example.yaml](values.example.yaml) + +## Documentation + +For complete resources list support see [resources](docs/resources.md). + +See the `metachart` [Documentation](https://github.com/iponweb/metachart/docs) +for more details. + +## Requirements + +Minimal supported [Helm](https://helm.sh/) version is `v3.2.0`. + +## Versioning + +Chart major and minor version parts follow +[prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) +versions which has been used for the chart generation. Patch component is used +for charts own changes/fixes. diff --git a/charts/meta-prometheus-operator/config/resources.yaml b/charts/meta-prometheus-operator/config/resources.yaml new file mode 100644 index 0000000..0679f62 --- /dev/null +++ b/charts/meta-prometheus-operator/config/resources.yaml @@ -0,0 +1,37 @@ +resources: + + #: monitoring.coreos.com/v1 + alertmanagers: + apiVersion: monitoring.coreos.com/v1 + kind: PodMonitor + jsonSchemaRef: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Alertmanager + podmonitors: + apiVersion: monitoring.coreos.com/v1 + kind: PodMonitor + jsonSchemaRef: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor + probes: + apiVersion: monitoring.coreos.com/v1 + kind: PodMonitor + jsonSchemaRef: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Probe + prometheuses: + apiVersion: monitoring.coreos.com/v1 + kind: PodMonitor + jsonSchemaRef: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Prometheus + prometheusrules: + apiVersion: monitoring.coreos.com/v1 + kind: PodMonitor + jsonSchemaRef: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule + servicemonitors: + apiVersion: monitoring.coreos.com/v1 + kind: PodMonitor + jsonSchemaRef: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ServiceMonitor + thanosrulers: + apiVersion: monitoring.coreos.com/v1 + kind: PodMonitor + jsonSchemaRef: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosRuler + + #: monitoring.coreos.com/v1beta1 + alertmanagerconfigs: + apiVersion: monitoring.coreos.com/v1beta1 + kind: AlertmanagerConfig + jsonSchemaRef: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig diff --git a/charts/meta-prometheus-operator/config/schema.yaml b/charts/meta-prometheus-operator/config/schema.yaml new file mode 100644 index 0000000..e6e52d3 --- /dev/null +++ b/charts/meta-prometheus-operator/config/schema.yaml @@ -0,0 +1,58 @@ +.defaults: + disallowed: &defaultDisallowed + - status + - kind + - apiVersion + properties: &defaultProperties + enabled: metachart.interface.boolean + metadata: metachart.api.meta.v1.ObjectMeta + rootKey: &defaultRootKey + disallowed: *defaultDisallowed + properties: *defaultProperties + +definitions: + - https://raw.githubusercontent.com/iponweb/schemas/main/json-schemas/kubernetes/v1.25.2-strict/_definitions.json + - https://raw.githubusercontent.com/iponweb/schemas/main/json-schemas/prometheus-operator/v0.60.1-strict/_definitions.json + +rules: + #: Common + #: + #: meta.v1.ObjectMeta + - target: metachart.api.meta.v1.ObjectMeta + source: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + allowed: + - annotations + - labels + - finalizers + - namespace + - name + properties: + checksums: metachart.interface.checksums + + #: monitoring.coreos.com/v1 + - target: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Alertmanager + source: com.coreos.monitoring.pkg.apis.monitoring.v1.Alertmanager + <<: *defaultRootKey + - target: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor + source: com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor + <<: *defaultRootKey + - target: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Probe + source: com.coreos.monitoring.pkg.apis.monitoring.v1.Probe + <<: *defaultRootKey + - target: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Prometheus + source: com.coreos.monitoring.pkg.apis.monitoring.v1.Prometheus + <<: *defaultRootKey + - target: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule + source: com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule + <<: *defaultRootKey + - target: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ServiceMonitor + source: com.coreos.monitoring.pkg.apis.monitoring.v1.ServiceMonitor + <<: *defaultRootKey + - target: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosRuler + source: com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosRuler + <<: *defaultRootKey + + #: monitoring.coreos.com/v1beta1 + - target: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig + source: com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig + <<: *defaultRootKey diff --git a/charts/meta-prometheus-operator/config/values.schema.custom.json b/charts/meta-prometheus-operator/config/values.schema.custom.json new file mode 100644 index 0000000..64c007d --- /dev/null +++ b/charts/meta-prometheus-operator/config/values.schema.custom.json @@ -0,0 +1,5 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": {} +} diff --git a/charts/meta-prometheus-operator/docs/resources.md b/charts/meta-prometheus-operator/docs/resources.md new file mode 100644 index 0000000..0967ecc --- /dev/null +++ b/charts/meta-prometheus-operator/docs/resources.md @@ -0,0 +1,22 @@ +# Resources + +A set of resources supported by the chart + +## monitoring.coreos.com/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| alertmanagers | PodMonitor | - | +| podmonitors | PodMonitor | - | +| probes | PodMonitor | - | +| prometheuses | PodMonitor | - | +| prometheusrules | PodMonitor | - | +| servicemonitors | PodMonitor | - | +| thanosrulers | PodMonitor | - | + + +## monitoring.coreos.com/v1beta1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| alertmanagerconfigs | AlertmanagerConfig | - | \ No newline at end of file diff --git a/charts/meta-prometheus-operator/templates/_custom.tpl b/charts/meta-prometheus-operator/templates/_custom.tpl new file mode 100644 index 0000000..e69de29 diff --git a/charts/meta-prometheus-operator/templates/_metachart.tpl b/charts/meta-prometheus-operator/templates/_metachart.tpl new file mode 100644 index 0000000..d633212 --- /dev/null +++ b/charts/meta-prometheus-operator/templates/_metachart.tpl @@ -0,0 +1,639 @@ +{{/* +Create a default fully qualified app name. +Truncate at 63 chars because some Kubernetes name fields are limited to this +(by the DNS naming spec). +Use only helm release name because helm chart is made to be used by different +kinds of applications. + +Return: string +*/}} +{{- define "metachart.fullname" -}} +{{- if $.Values.fullnameOverride }} +{{- $.Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $.Release.Name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Compute chart name-version to be used by the chart label + +Return: string +*/}} +{{- define "metachart.chart" -}} +{{- printf "%s-%s" $.Chart.Name $.Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Compute Chart labels + +Return: dict in json format +*/}} +{{- define "metachart.chartLabels" -}} +{{- $result := dict + "helm.sh/chart" (include "metachart.chart" $) + "app.kubernetes.io/instance" $.Release.Name + "app.kubernetes.io/managed-by" $.Release.Service +}} +{{- if $.Chart.AppVersion }} + {{- $_ := set $result "app.kubernetes.io/version" $.Chart.AppVersion }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Label selector to determine if a resource belongs to a component. Only +necessary and sufficient set of labels is used. + +Params: + + component : str - Component value which the resource belongs to + +Return: dict in json format +*/}} +{{- define "metachart.selectorLabels" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $component := default nil $params.component }} +{{- /* Execution */}} +{{- $result := dict "app.kubernetes.io/instance" $.Release.Name }} +{{- with $component }} + {{- $_ := set $result "app.kubernetes.io/component" $component}} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Compute resource labels + +Params: + + definition : dict - Resource definition + component : str - Resource component value + relatedComponent : str - Related resource component value + +Return: dict in json format +*/}} +{{- define "metachart.resourceLabels" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $component := default nil $params.component }} +{{- $relatedComponent := default nil $params.relatedComponent }} +{{- /* Execution */}} +{{- $resourceMeta := default dict $definition.metadata }} +{{- $chartLabels := include "metachart.chartLabels" $context | fromJson }} +{{- $globalLabels := default dict (default dict (default dict $.Values.settings).global).labels | deepCopy }} +{{- $resourceLabels := default dict $resourceMeta.labels | deepCopy }} +{{- if $relatedComponent }} + {{- $_ := set $chartLabels "app.kubernetes.io/component" $relatedComponent}} +{{- else if $component }} + {{- $_ := set $chartLabels "app.kubernetes.io/component" $component}} +{{- end }} +{{- /* Validate if forbidden labels are used */}} +{{- range $reservedLabel := keys $chartLabels }} + {{- if hasKey $globalLabels $reservedLabel }} + {{- required (printf "Label %s is reserved for internal usage and can not be overrided" $reservedLabel) "" }} + {{- end }} + {{- if hasKey $resourceLabels $reservedLabel }} + {{- required (printf "Label %s is reserved for internal usage and can not be overrided" $reservedLabel) "" }} + {{- end }} +{{- end }} +{{- $result := merge $resourceLabels $globalLabels $chartLabels }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Compute checksums annotations for a resource + +Params: + + definition : dict - Resource definition + +Return: dict in json format +*/}} +{{- define "metachart.resourceChecksumAnnotations" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- /* Execution */}} +{{- $result := dict }} +{{- $checksums := default dict (default dict $definition.metadata).checksums }} +{{- range $kind, $names := $checksums }} + {{- if $names }} + {{- if (kindIs "slice" $names) }} + {{- range $name := $names }} + {{- $_ := set $result (printf "checksum-%s-%s" $kind $name) (include "metachart.checksumSingle" (merge (dict "params" + (dict + "kind" $kind + "name" $name + )) $)) }} + {{- end }} + {{- else if eq $names "*" }} + {{- $_ := set $result (printf "checksum-%s" $kind) (include "metachart.checksumKinds" (merge (dict "params" + (dict + "kinds" (list $kind) + )) $)) }} + {{- end }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson}} +{{- end }} + +{{/* +Compute resource annotations + +Params: + + definition : dict - Resource definition + +Return: dict in json format +*/}} +{{- define "metachart.resourceAnnotations" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- /* Execution */}} +{{- $resourceMeta := default dict $definition.metadata }} +{{- $checksums := (include "metachart.resourceChecksumAnnotations" (merge (dict "params" $params) $context) | fromJson) }} +{{- $result := merge (default dict ($resourceMeta.annotations) | deepCopy) (default dict $.Values.annotations) $checksums }} +{{- /* Return */}} +{{- $result | toJson}} +{{- end }} + +{{/* +Compute resource ObjectMeta + +Params: + + definition : dict - Resource definition + name : string - Resource name as defined in the values file + nameSuffix : string - Suffix to be added to the resource name + withName : bool - Whether name key must be added (default: true) + withNameFullnamePrefix : bool - Whether fullname prefix must be added to the name (default: true) + +Return: dict in json format +*/}} +{{- define "metachart.resourceMeta" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $name := $params.name }} +{{- $nameSuffix := $params.nameSuffix }} +{{- $withName := (hasKey $params "withName" | ternary $params.withName true) }} +{{- $withNameFullnamePrefix := (hasKey $params "withNameFullnamePrefix" | ternary $params.withNameFullnamePrefix true) }} +{{- /* Execution */}} +{{- $resourceMeta := default dict $definition.metadata }} +{{- /* Execution */}} +{{- $result := omit $resourceMeta "labels" "annotations" "name" "checksums" }} +{{- $fullnamePrefix := "" }} +{{- if $withNameFullnamePrefix }} +{{- $fullnamePrefix = printf "%s-" (include "metachart.fullname" $context) }} +{{- end }} +{{- if $withName }} + {{- if $resourceMeta.name }} + {{- $_ := set $result "name" $resourceMeta.name }} + {{- else if $name }} + {{- if $nameSuffix }} + {{- $_ := set $result "name" (printf "%s%s-%s" $fullnamePrefix $name $nameSuffix) }} + {{- else }} + {{- $_ := set $result "name" (printf "%s%s" $fullnamePrefix $name) }} + {{- end }} + {{- else }} + {{- if $nameSuffix }} + {{- $_ := set $result "name" (printf "%s%s" $fullnamePrefix $nameSuffix) }} + {{- else }} + {{- $_ := set $result "name" (printf "%s" (include "metachart.fullname" $context)) }} + {{- end }} + {{- end }} +{{- end }} +{{- $_ := set $result "labels" (include "metachart.resourceLabels" (merge (dict "params" $params) $context) | fromJson) }} +{{- $_ = set $result "annotations" (include "metachart.resourceAnnotations" (merge (dict "params" $params) $context) | fromJson) }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Discover all string values and render them as templates + +Params: + + data : any - data to be processed + +Return: dict in json format +*/}} +{{- define "metachart.deepRender" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $data := ($params.data | deepCopy) }} +{{- /* Execution */}} +{{- if kindIs "string" $data }} + {{- $result := tpl $data $context }} + {{- /* Return */}} + {{- $result | toJson }} +{{- else if kindIs "map" $data }} + {{- $result := dict }} + {{- range $key, $value := $data }} + {{- if kindIs "string" $value }} + {{- $newValue := tpl $value $context }} + {{- $_ := set $result $key $newValue }} + {{- else if kindIs "map" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJson }} + {{- $_ := set $result $key $newValue }} + {{- else if kindIs "slice" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJsonArray }} + {{- $_ := set $result $key $newValue }} + {{- else }} + {{- $_ := set $result $key $value }} + {{- end }} + {{- end }} + {{- $result | toJson }} +{{- else if kindIs "slice" $data }} + {{- $result := list }} + {{- range $value := $data }} + {{- if kindIs "string" $value }} + {{- $newValue := tpl $value $context }} + {{- $result = append $result $newValue }} + {{- else if kindIs "map" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJson }} + {{- $result = append $result $newValue }} + {{- else if kindIs "slice" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJsonArray }} + {{- $result = append $result $newValue }} + {{- else }} + {{- $result = append $result $value }} + {{- end }} + {{- end }} + {{- /* Return */}} + {{- $result | toJson }} +{{- else }} + {{- $result := $data }} + {{- /* Return */}} + {{- $result | toJson }} +{{- end }} +{{- end }} + +{{/* +Deep merge like function which concats 2 slices if meets in instead of +override. This implementation takes into account that each of source and target +values can be none one of specific type or nil. + +Params: + + source : dict | slice - Merge from + target : dict | slice - Merge to + +Return: dict | slice in json format +*/}} +{{- define "metachart.mergeConcatLists" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $source := ($params.source | deepCopy) }} +{{- $target := ($params.target | deepCopy) }} +{{- /* Execution */}} +{{- $result := dict }} +{{- $keys := keys (default dict $source) (default dict $target) | uniq }} +{{- range $key := $keys }} + {{- $sourceValue := get $source $key }} + {{- $targetValue := get $target $key }} + {{- if or (kindIs "map" $sourceValue) (kindIs "map" $targetValue) }} + {{- /* Normalize types */}} + {{- if kindIs "map" $sourceValue }}{{- else }}{{- $sourceValue = dict }}{{- end }} + {{- if kindIs "map" $targetValue }}{{- else }}{{- $targetValue = dict }}{{- end }} + {{- $newValue := include "metachart.mergeConcatLists" (dict "params" (dict + "source" $sourceValue + "target" $targetValue + )) | fromJson }} + {{- $_ := set $result $key $newValue }} + {{- else if or (kindIs "slice" $sourceValue) (kindIs "slice" $targetValue) }} + {{- /* Normalize types */}} + {{- if kindIs "slice" $sourceValue }}{{- else }}{{- $sourceValue = list }}{{- end }} + {{- if kindIs "slice" $targetValue }}{{- else }}{{- $targetValue = list }}{{- end }} + {{- $newValue := concat $sourceValue $targetValue }} + {{- $_ := set $result $key $newValue }} + {{- else if hasKey $target $key }} + {{- $_ := set $result $key $targetValue }} + {{- else }} + {{- $_ := set $result $key $sourceValue }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Discover defaults for the specific kind and apply them to the resource + +Params: + + definition : dict - Resource definition + kind : string - Resource kind + +Return: dict in json format +*/}} +{{- define "metachart.setDefaults" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := ($params.definition | deepCopy) }} +{{- $kind := $params.kind }} +{{- $kindSettings := ternary (get $.Values.settings $kind) (dict) (hasKey (default dict $.Values.settings) $kind) }} +{{- /* Execution */}} +{{- $defaults := default dict $kindSettings.defaults }} +{{- include "metachart.mergeConcatLists" (dict "params" (dict + "source" $defaults + "target" $definition +)) }} +{{- end }} + +{{/* +Discover all available resources (standalone and related) of specific kind. +It takes into account: + +- If resource kind is not disable in settings +- If resource definition.enabled is not false + +Params: + + kind : string - Resource kind + +Return: dict in json format +*/}} +{{- define "metachart.discover" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $kind := $params.kind }} +{{- /* Execution */}} +{{- $result := dict }} +{{- $kindSettings := dict }} +{{- if hasKey (default dict $.Values.settings) $kind }} + {{- $kindSettings = get (default dict $.Values.settings) $kind }} +{{- end }} +{{- if not $kindSettings.disabled }} + {{- if hasKey $.Values $kind }} + {{- range $resourceName, $resourceDefinition := get $.Values $kind }} + {{- if (hasKey $resourceDefinition "enabled" | ternary $resourceDefinition.enabled true) }} + {{- $_ := set $result $resourceName $resourceDefinition}} + {{- end }} + {{- end }} + {{- end }} + {{- /* Discover related resources */}} + {{- $settingsKindAll := include "metachart.settings" $context | fromYaml | keys }} + {{- range $settingsKind := $settingsKindAll }} + {{- $resourceSettings := dict }} + {{- if hasKey (default dict $.Values.settings) $settingsKind }} + {{- $resourceSettings = get (default dict $.Values.settings) $settingsKind }} + {{- end }} + {{- if not $resourceSettings.disabled }} + {{- if hasKey $.Values $settingsKind }} + {{- range $resourceName, $resourceDefinition := get $.Values $settingsKind }} + {{- if (hasKey $resourceDefinition "enabled" | ternary $resourceDefinition.enabled true) }} + {{- $resourceRelated := default dict $resourceDefinition.related }} + {{- if hasKey $resourceRelated $kind }} + {{- range $name, $definition := get $resourceRelated $kind }} + {{- if hasKey $result $name }} + {{- fail (printf "Resource %s/%s defined in global and related scopes" $kind $name) }} + {{- else }} + {{- $patchedDefinition := $definition | deepCopy }} + {{- $_ := set $patchedDefinition "relatedComponent" (printf "%s-%s" $settingsKind $resourceName)}} + {{- $_ = set $result $name $patchedDefinition}} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Build a complete resource ready for rendering + +Params: + + name : string - Resource name as defined in the values file + kind : string - Resource kind + definition : dict - Resource definition + apiVersion : strint - Resource ApiVersion + kindCamelCase : string - Resource kind in CamelCase format + preprocess : bool - Whether the resource kind has a preprocessor + +Return: dict in json format +*/}} +{{- define "metachart.buildResource" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $name := $params.name }} +{{- $definition := $params.definition }} +{{- $apiVersion := $params.apiVersion }} +{{- $kindCamelCase := $params.kindCamelCase }} +{{- $preprocess := $params.preprocess }} +{{- $kind := $params.kind }} +{{- /* Execution */}} +{{- $component := (printf "%s-%s" $kind $name) }} +{{- $relatedComponent := $definition.relatedComponent }} +{{- $resource := dict + "apiVersion" $apiVersion + "kind" $kindCamelCase +}} +{{- $resource = merge $resource (omit ($definition | deepCopy) "enabled" "metadata" "related" "relatedComponent") }} +{{- $_ := set $resource "metadata" (include "metachart.resourceMeta" (merge (dict "params" + (dict + "definition" $definition + "name" $name + "component" $component + "relatedComponent" $relatedComponent + )) $context) | fromJson) }} +{{- /* Apply defaults */}} +{{- $resource = include "metachart.setDefaults" (merge (dict "params" + (dict + "definition" $resource + "kind" $kind + )) $context) | fromJson }} +{{- /* Preprocessing */}} +{{- $preprocessed := $resource }} +{{- if $preprocess }} + {{- $preprocessor := printf "metachart.preprocess.%s" $kind }} + {{- $preprocessed = include $preprocessor (merge (dict "params" + (dict + "definition" $resource + "name" $name + "component" $component + "relatedComponent" $relatedComponent + )) $context) | fromJson }} +{{- end }} +{{- /* Render */}} +{{- $result := include "metachart.deepRender" (merge (dict "params" (dict "data" $preprocessed)) $) | fromJson }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Render all release resources + +Return: yaml +*/}} +{{- define "metachart.renderAll" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- /* Execution */}} +{{- $kinds := (include "metachart.settings" $context) | fromYaml | keys }} +{{- $result := include "metachart.renderKinds" (merge (dict "params" + (dict + "kinds" $kinds + )) $) }} +{{- /* Return */}} +{{- $result }} +{{- end }} + +{{/* +Render specific resource kinds + +Params: + + kinds : slice - List of kinds + +Return: yaml +*/}} +{{- define "metachart.renderKinds" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $kinds := $params.kinds }} +{{- /* Execution */}} +{{- $result := "" }} +{{- range $kind := $kinds }} + {{- $settings := get (include "metachart.settings" $context | fromYaml) $kind }} + {{- range $name, $definition := (include "metachart.discover" (merge (dict "params" + (dict + "kind" $kind + )) $context) | fromJson) }} + {{- $rendered := include "metachart.buildResource" (merge (dict "params" + (dict + "kind" $kind + "apiVersion" $settings.apiVersion + "kindCamelCase" $settings.kindCamelCase + "name" $name + "definition" $definition + "preprocess" $settings.preprocess + )) $context) | fromJson | toYaml | nindent 0 }} + {{- $result = printf "%s---%s\n...\n" $result $rendered }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result }} +{{- end }} + +{{/* +Calculate checksum of resources of specific kind + +Params: + + kinds : slice - List of kinds + +Return: string +*/}} +{{- define "metachart.checksumKinds" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- /* Execution */}} +{{- $result := include "metachart.renderKinds" (merge (dict "params" + (dict + "params" $params + )) $) }} +{{- /* Return */}} +{{- $result | sha256sum }} +{{- end }} + +{{/* +Render single resource + +Params: + + name : string - Resource name as defined in the values file + kind : string - Resource kind + +Return: yaml +*/}} +{{- define "metachart.renderSingle" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $kind := $params.kind }} +{{- $name := $params.name }} +{{- /* Execution */}} +{{- $settings := get (include "metachart.settings" $context | fromYaml) $kind }} +{{- $definitionsAll := (include "metachart.discover" (merge (dict "params" + (dict + "kind" $kind + )) $context) | fromJson) }} +{{- if hasKey $definitionsAll $name }}{{- else }}{{- fail (printf "can not find resource %s/%s" $kind $name)}}{{- end }} +{{- $definition := get $definitionsAll $name }} +{{- $result := include "metachart.buildResource" (merge (dict "params" + (dict + "kind" $kind + "apiVersion" $settings.apiVersion + "kindCamelCase" $settings.kindCamelCase + "name" $name + "definition" $definition + "preprocess" $settings.preprocess + )) $context) | fromJson | toYaml | nindent 0 }} +{{- $result }} +{{- end }} + +{{/* +Calculate checksum of a specific resource + +Params: + + name : string - Resource name as defined in the values file + kind : string - Resource kind + +Return: string +*/}} +{{- define "metachart.checksumSingle" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- /* Execution */}} +{{- $result := include "metachart.renderSingle" (merge (dict "params" + (dict + "params" $params + )) $) }} +{{- /* Return */}} +{{- $result | sha256sum }} +{{- end }} diff --git a/charts/meta-prometheus-operator/templates/generated/_settings.tpl b/charts/meta-prometheus-operator/templates/generated/_settings.tpl new file mode 100644 index 0000000..59b2934 --- /dev/null +++ b/charts/meta-prometheus-operator/templates/generated/_settings.tpl @@ -0,0 +1,35 @@ +{{- /* Resources definition */}} +{{- define "metachart.settings" }} +alertmanagerconfigs: + apiVersion: monitoring.coreos.com/v1beta1 + kindCamelCase: AlertmanagerConfig + preprocess: false +alertmanagers: + apiVersion: monitoring.coreos.com/v1 + kindCamelCase: PodMonitor + preprocess: false +podmonitors: + apiVersion: monitoring.coreos.com/v1 + kindCamelCase: PodMonitor + preprocess: false +probes: + apiVersion: monitoring.coreos.com/v1 + kindCamelCase: PodMonitor + preprocess: false +prometheuses: + apiVersion: monitoring.coreos.com/v1 + kindCamelCase: PodMonitor + preprocess: false +prometheusrules: + apiVersion: monitoring.coreos.com/v1 + kindCamelCase: PodMonitor + preprocess: false +servicemonitors: + apiVersion: monitoring.coreos.com/v1 + kindCamelCase: PodMonitor + preprocess: false +thanosrulers: + apiVersion: monitoring.coreos.com/v1 + kindCamelCase: PodMonitor + preprocess: false +{{- end }} \ No newline at end of file diff --git a/charts/meta-prometheus-operator/templates/resources.yaml b/charts/meta-prometheus-operator/templates/resources.yaml new file mode 100644 index 0000000..017a652 --- /dev/null +++ b/charts/meta-prometheus-operator/templates/resources.yaml @@ -0,0 +1 @@ +{{- include "metachart.renderAll" $ }} diff --git a/charts/meta-prometheus-operator/values.example.yaml b/charts/meta-prometheus-operator/values.example.yaml new file mode 100644 index 0000000..c19b407 --- /dev/null +++ b/charts/meta-prometheus-operator/values.example.yaml @@ -0,0 +1,36 @@ +#: +#: Demo Prometheus resource. Not a working example. +#: + +prometheuses: + main: + spec: + enableAdminAPI: false + evaluationInterval: 30s + externalUrl: http://prometheus.example.com/ + image: quay.io/prometheus/prometheus:v2.35.0 + listenLocal: false + logFormat: logfmt + logLevel: info + paused: false + portName: http-web + replicas: 1 + retention: 30d + routePrefix: / + scrapeInterval: 30s + securityContext: + fsGroup: 2000 + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 1000 + shards: 1 + storage: + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 50Gi + storageClassName: prometheus + version: v2.35.0 diff --git a/charts/meta-prometheus-operator/values.schema.full.json b/charts/meta-prometheus-operator/values.schema.full.json new file mode 100644 index 0000000..b1739c9 --- /dev/null +++ b/charts/meta-prometheus-operator/values.schema.full.json @@ -0,0 +1,7010 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": { + "com.coreos.monitoring.pkg.apis.monitoring.v1.APIServerConfig": { + "additionalProperties": false, + "description": "APIServerConfig defines a host and auth methods to access apiserver. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config", + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Authorization", + "description": "Authorization section for accessing apiserver" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth", + "description": "BasicAuth allow an endpoint to authenticate over basic authentication" + }, + "bearerToken": { + "description": "Bearer token for accessing apiserver.", + "type": "string" + }, + "bearerTokenFile": { + "description": "File to read bearer token for accessing apiserver.", + "type": "string" + }, + "host": { + "default": "", + "description": "Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number", + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig", + "description": "TLS Config to use for accessing apiserver." + } + }, + "required": [ + "host" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.AlertingSpec": { + "additionalProperties": false, + "description": "AlertingSpec defines parameters for alerting configuration of Prometheus servers.", + "properties": { + "alertmanagers": { + "description": "AlertmanagerEndpoints Prometheus should fire alerts against.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerEndpoints", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "alertmanagers" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerConfiguration": { + "additionalProperties": false, + "description": "AlertmanagerConfiguration defines the Alertmanager configuration.", + "properties": { + "global": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerGlobalConfig", + "description": "Defines the global parameters of the Alertmanager configuration." + }, + "name": { + "description": "The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration. It must be defined in the same namespace as the Alertmanager object. The operator will not enforce a `namespace` label for routes and inhibition rules.", + "type": "string" + }, + "templates": { + "description": "Custom notification templates.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerEndpoints": { + "additionalProperties": false, + "description": "AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against.", + "properties": { + "apiVersion": { + "description": "Version of the Alertmanager API that Prometheus uses to send alerts. It can be \"v1\" or \"v2\".", + "type": "string" + }, + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization", + "description": "Authorization section for this alertmanager endpoint" + }, + "bearerTokenFile": { + "description": "BearerTokenFile to read from filesystem to use when authenticating to Alertmanager.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of Endpoints object in Namespace.", + "type": "string" + }, + "namespace": { + "default": "", + "description": "Namespace of Endpoints object.", + "type": "string" + }, + "pathPrefix": { + "description": "Prefix for the HTTP path alerts are pushed to.", + "type": "string" + }, + "port": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "default": {}, + "description": "Port the Alertmanager API is exposed on." + }, + "scheme": { + "description": "Scheme to use when firing alerts.", + "type": "string" + }, + "timeout": { + "description": "Timeout is a per-target Alertmanager timeout when pushing alerts.", + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig", + "description": "TLS Config to use for alertmanager connection." + } + }, + "required": [ + "namespace", + "name", + "port" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerGlobalConfig": { + "additionalProperties": false, + "description": "AlertmanagerGlobalConfig configures parameters that are valid in all other configuration contexts. See https://prometheus.io/docs/alerting/latest/configuration/#configuration-file", + "properties": { + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.HTTPConfig", + "description": "HTTP client configuration." + }, + "resolveTimeout": { + "description": "ResolveTimeout is the default value used by alertmanager if the alert does not include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated. This has no impact on alerts from Prometheus, as they always include EndsAt.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerSpec": { + "additionalProperties": false, + "description": "AlertmanagerSpec is a specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "additionalPeers": { + "description": "AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "affinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.Affinity", + "description": "If specified, the pod's scheduling constraints." + }, + "alertmanagerConfigNamespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace." + }, + "alertmanagerConfigSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "AlertmanagerConfigs to be selected for to merge and configure Alertmanager with." + }, + "alertmanagerConfiguration": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerConfiguration", + "description": "EXPERIMENTAL: alertmanagerConfiguration specifies the configuration of Alertmanager. If defined, it takes precedence over the `configSecret` field. This field may change in future releases." + }, + "baseImage": { + "description": "Base image that is used to deploy pods, without tag. Deprecated: use 'image' instead", + "type": "string" + }, + "clusterAdvertiseAddress": { + "description": "ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918", + "type": "string" + }, + "clusterGossipInterval": { + "description": "Interval between gossip attempts.", + "type": "string" + }, + "clusterPeerTimeout": { + "description": "Timeout for cluster peering.", + "type": "string" + }, + "clusterPushpullInterval": { + "description": "Interval between pushpull attempts.", + "type": "string" + }, + "configMaps": { + "description": "ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-\u003cconfigmap-name\u003e`. The ConfigMaps are mounted into `/etc/alertmanager/configmaps/\u003cconfigmap-name\u003e` in the 'alertmanager' container.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "configSecret": { + "description": "ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains the configuration for this Alertmanager instance. If empty, it defaults to `alertmanager-\u003calertmanager-name\u003e`.\n\nThe Alertmanager configuration should be available under the `alertmanager.yaml` key. Additional keys from the original secret are copied to the generated secret.\n\nIf either the secret or the `alertmanager.yaml` key is missing, the operator provisions an Alertmanager configuration with one empty receiver (effectively dropping alert notifications).", + "type": "string" + }, + "containers": { + "description": "Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `alertmanager` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Container", + "default": {} + }, + "type": "array" + }, + "externalUrl": { + "description": "The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name.", + "type": "string" + }, + "forceEnableClusterMode": { + "description": "ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each.", + "type": "boolean" + }, + "hostAliases": { + "description": "Pods' hostAliases configuration", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.HostAlias", + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map" + }, + "image": { + "description": "Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured.", + "type": "string" + }, + "imagePullSecrets": { + "description": "An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "default": {} + }, + "type": "array" + }, + "initContainers": { + "description": "InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Container", + "default": {} + }, + "type": "array" + }, + "listenLocal": { + "description": "ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication.", + "type": "boolean" + }, + "logFormat": { + "description": "Log format for Alertmanager to be configured with.", + "type": "string" + }, + "logLevel": { + "description": "Log level for Alertmanager to be configured with.", + "type": "string" + }, + "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.", + "format": "int64", + "type": "integer" + }, + "nodeSelector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Define which Nodes the Pods are scheduled on.", + "type": "object" + }, + "paused": { + "description": "If set to true all actions on the underlying managed objects are not goint to be performed, except for delete actions.", + "type": "boolean" + }, + "podMetadata": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.EmbeddedObjectMetadata", + "description": "PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods." + }, + "portName": { + "description": "Port name used for the pods and governing service. This defaults to web", + "type": "string" + }, + "priorityClassName": { + "description": "Priority class assigned to the Pods", + "type": "string" + }, + "replicas": { + "description": "Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size.", + "format": "int32", + "type": "integer" + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements", + "default": {}, + "description": "Define resources requests and limits for single Pods." + }, + "retention": { + "description": "Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).", + "type": "string" + }, + "routePrefix": { + "description": "The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`.", + "type": "string" + }, + "secrets": { + "description": "Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. Each Secret is added to the StatefulSet definition as a volume named `secret-\u003csecret-name\u003e`. The Secrets are mounted into `/etc/alertmanager/secrets/\u003csecret-name\u003e` in the 'alertmanager' container.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "securityContext": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodSecurityContext", + "description": "SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext." + }, + "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.", + "type": "string" + }, + "sha": { + "description": "SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL.", + "type": "string" + }, + "storage": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.StorageSpec", + "description": "Storage is the definition of how storage will be used by the Alertmanager instances." + }, + "tag": { + "description": "Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL.", + "type": "string" + }, + "tolerations": { + "description": "If specified, the pod's tolerations.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration", + "default": {} + }, + "type": "array" + }, + "topologySpreadConstraints": { + "description": "If specified, the pod's topology spread constraints.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint", + "default": {} + }, + "type": "array" + }, + "version": { + "description": "Version the cluster should be on.", + "type": "string" + }, + "volumeMounts": { + "description": "VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount", + "default": {} + }, + "type": "array" + }, + "volumes": { + "description": "Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Volume", + "default": {} + }, + "type": "array" + }, + "web": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerWebSpec", + "description": "Defines the web command line flags when starting Alertmanager." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerWebSpec": { + "additionalProperties": false, + "description": "AlertmanagerWebSpec defines the web command line flags when starting Alertmanager.", + "properties": { + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.WebHTTPConfig", + "description": "Defines HTTP parameters for web server." + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.WebTLSConfig", + "description": "Defines the TLS parameters for HTTPS." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ArbitraryFSAccessThroughSMsConfig": { + "additionalProperties": false, + "description": "ArbitraryFSAccessThroughSMsConfig enables users to configure, whether a service monitor selected by the Prometheus instance is allowed to use arbitrary files on the file system of the Prometheus container. This is the case when e.g. a service monitor specifies a BearerTokenFile in an endpoint. A malicious user could create a service monitor selecting arbitrary secret files in the Prometheus container. Those secrets would then be sent with a scrape request by Prometheus to a malicious target. Denying the above would prevent the attack, users can instead use the BearerTokenSecret field.", + "properties": { + "deny": { + "type": "boolean" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Argument": { + "additionalProperties": false, + "description": "Argument as part of the AdditionalArgs list.", + "properties": { + "name": { + "default": "", + "description": "Name of the argument, e.g. \"scrape.discovery-reload-interval\".", + "type": "string" + }, + "value": { + "description": "Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile)", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.AttachMetadata": { + "additionalProperties": false, + "properties": { + "node": { + "description": "When set to true, Prometheus must have permissions to get Nodes.", + "type": "boolean" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Authorization": { + "additionalProperties": false, + "description": "Authorization contains optional `Authorization` header configuration. This section is only understood by versions of Prometheus \u003e= 2.26.0.", + "properties": { + "credentials": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "The secret's key that contains the credentials of the request" + }, + "credentialsFile": { + "description": "File to read a secret from, mutually exclusive with Credentials (from SafeAuthorization)", + "type": "string" + }, + "type": { + "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth": { + "additionalProperties": false, + "description": "BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints", + "properties": { + "password": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {}, + "description": "The secret in the service monitor namespace that contains the password for authentication." + }, + "username": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {}, + "description": "The secret in the service monitor namespace that contains the username for authentication." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.EmbeddedObjectMetadata": { + "additionalProperties": false, + "description": "EmbeddedObjectMetadata contains a subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta Only fields which are relevant to embedded resources are included.", + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.EmbeddedPersistentVolumeClaim": { + "additionalProperties": false, + "description": "EmbeddedPersistentVolumeClaim is an embedded version of k8s.io/api/core/v1.PersistentVolumeClaim. It contains TypeMeta and a reduced ObjectMeta.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.EmbeddedObjectMetadata", + "default": {}, + "description": "EmbeddedMetadata contains metadata relevant to an EmbeddedResource." + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec", + "default": {}, + "description": "Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + }, + "status": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimStatus", + "default": {}, + "description": "Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Endpoint": { + "additionalProperties": false, + "description": "Endpoint defines a scrapeable endpoint serving Prometheus metrics.", + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization", + "description": "Authorization section for this endpoint" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth", + "description": "BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints" + }, + "bearerTokenFile": { + "description": "File to read bearer token for scraping targets.", + "type": "string" + }, + "bearerTokenSecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {}, + "description": "Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service monitor and accessible by the Prometheus Operator." + }, + "enableHttp2": { + "description": "Whether to enable HTTP2.", + "type": "boolean" + }, + "followRedirects": { + "description": "FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.", + "type": "boolean" + }, + "honorLabels": { + "description": "HonorLabels chooses the metric's labels on collisions with target labels.", + "type": "boolean" + }, + "honorTimestamps": { + "description": "HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.", + "type": "boolean" + }, + "interval": { + "description": "Interval at which metrics should be scraped If not specified Prometheus' global scrape interval is used.", + "type": "string" + }, + "metricRelabelings": { + "description": "MetricRelabelConfigs to apply to samples before ingestion.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2", + "description": "OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer." + }, + "params": { + "additionalProperties": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "description": "Optional HTTP URL parameters", + "type": "object" + }, + "path": { + "description": "HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. `/metrics`).", + "type": "string" + }, + "port": { + "description": "Name of the service port this endpoint refers to. Mutually exclusive with targetPort.", + "type": "string" + }, + "proxyUrl": { + "description": "ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.", + "type": "string" + }, + "relabelings": { + "description": "RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "scheme": { + "description": "HTTP scheme to use for scraping.", + "type": "string" + }, + "scrapeTimeout": { + "description": "Timeout after which the scrape is ended If not specified, the Prometheus global scrape timeout is used unless it is less than `Interval` in which the latter is used.", + "type": "string" + }, + "targetPort": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port." + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig", + "description": "TLS configuration to use when scraping the endpoint" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Exemplars": { + "additionalProperties": false, + "properties": { + "maxSize": { + "description": "Maximum number of exemplars stored in memory for all series. If not set, Prometheus uses its default value. A value of zero or less than zero disables the storage.", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.HTTPConfig": { + "additionalProperties": false, + "description": "HTTPConfig defines a client HTTP configuration. See https://prometheus.io/docs/alerting/latest/configuration/#http_config", + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization", + "description": "Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+." + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth", + "description": "BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence." + }, + "bearerTokenSecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the Alertmanager object and accessible by the Prometheus Operator." + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2", + "description": "OAuth2 client credentials used to fetch a token for the targets." + }, + "proxyURL": { + "description": "Optional proxy URL.", + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeTLSConfig", + "description": "TLS configuration for the client." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.HostAlias": { + "additionalProperties": false, + "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.", + "properties": { + "hostnames": { + "description": "Hostnames for the above IP address.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "ip": { + "default": "", + "description": "IP address of the host file entry.", + "type": "string" + } + }, + "required": [ + "ip", + "hostnames" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.MetadataConfig": { + "additionalProperties": false, + "description": "MetadataConfig configures the sending of series metadata to the remote storage.", + "properties": { + "send": { + "description": "Whether metric metadata is sent to the remote storage or not.", + "type": "boolean" + }, + "sendInterval": { + "description": "How frequently metric metadata is sent to the remote storage.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.NamespaceSelector": { + "additionalProperties": false, + "description": "NamespaceSelector is a selector for selecting either all namespaces or a list of namespaces. If `any` is true, it takes precedence over `matchNames`. If `matchNames` is empty and `any` is false, it means that the objects are selected from the current namespace.", + "properties": { + "any": { + "description": "Boolean describing whether all namespaces are selected in contrast to a list restricting them.", + "type": "boolean" + }, + "matchNames": { + "description": "List of namespace names to select from.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2": { + "additionalProperties": false, + "description": "OAuth2 allows an endpoint to authenticate with OAuth2. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#oauth2", + "properties": { + "clientId": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "The secret or configmap containing the OAuth2 client id" + }, + "clientSecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {}, + "description": "The secret containing the OAuth2 client secret" + }, + "endpointParams": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Parameters to append to the token URL", + "type": "object" + }, + "scopes": { + "description": "OAuth2 scopes used for the token request", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "tokenUrl": { + "default": "", + "description": "The URL to fetch the token from", + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ObjectReference": { + "additionalProperties": false, + "description": "ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object.", + "properties": { + "group": { + "default": "", + "description": "Group of the referent. When not specified, it defaults to `monitoring.coreos.com`", + "type": "string" + }, + "name": { + "description": "Name of the referent. When not set, all resources are matched.", + "type": "string" + }, + "namespace": { + "default": "", + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resource": { + "default": "", + "description": "Resource of the referent.", + "type": "string" + } + }, + "required": [ + "resource", + "namespace" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpoint": { + "additionalProperties": false, + "description": "PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics.", + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization", + "description": "Authorization section for this endpoint" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth", + "description": "BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint" + }, + "bearerTokenSecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {}, + "description": "Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the pod monitor and accessible by the Prometheus Operator." + }, + "enableHttp2": { + "description": "Whether to enable HTTP2.", + "type": "boolean" + }, + "filterRunning": { + "description": "Drop pods that are not running. (Failed, Succeeded). Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase", + "type": "boolean" + }, + "followRedirects": { + "description": "FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.", + "type": "boolean" + }, + "honorLabels": { + "description": "HonorLabels chooses the metric's labels on collisions with target labels.", + "type": "boolean" + }, + "honorTimestamps": { + "description": "HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.", + "type": "boolean" + }, + "interval": { + "description": "Interval at which metrics should be scraped If not specified Prometheus' global scrape interval is used.", + "type": "string" + }, + "metricRelabelings": { + "description": "MetricRelabelConfigs to apply to samples before ingestion.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2", + "description": "OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer." + }, + "params": { + "additionalProperties": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "description": "Optional HTTP URL parameters", + "type": "object" + }, + "path": { + "description": "HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. `/metrics`).", + "type": "string" + }, + "port": { + "description": "Name of the pod port this endpoint refers to. Mutually exclusive with targetPort.", + "type": "string" + }, + "proxyUrl": { + "description": "ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.", + "type": "string" + }, + "relabelings": { + "description": "RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "scheme": { + "description": "HTTP scheme to use for scraping.", + "type": "string" + }, + "scrapeTimeout": { + "description": "Timeout after which the scrape is ended If not specified, the Prometheus global scrape interval is used.", + "type": "string" + }, + "targetPort": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "Deprecated: Use 'port' instead." + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpointTLSConfig", + "description": "TLS configuration to use when scraping the endpoint." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpointTLSConfig": { + "additionalProperties": false, + "description": "PodMetricsEndpointTLSConfig specifies TLS configuration parameters.", + "properties": { + "ca": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "Struct containing the CA cert to use for the targets." + }, + "cert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "Struct containing the client cert file for the targets." + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "Secret containing the client key file for the targets." + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitorSpec": { + "additionalProperties": false, + "description": "PodMonitorSpec contains specification parameters for a PodMonitor.", + "properties": { + "attachMetadata": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AttachMetadata", + "description": "Attaches node metadata to discovered targets. Only valid for role: pod. Only valid in Prometheus versions 2.35.0 and newer." + }, + "jobLabel": { + "description": "The label to use to retrieve the job name from.", + "type": "string" + }, + "labelLimit": { + "description": "Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "labelNameLengthLimit": { + "description": "Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "labelValueLengthLimit": { + "description": "Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "namespaceSelector": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.NamespaceSelector", + "default": {}, + "description": "Selector to select which namespaces the Endpoints objects are discovered from." + }, + "podMetricsEndpoints": { + "description": "A list of endpoints allowed as part of this PodMonitor.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpoint", + "default": {} + }, + "type": "array" + }, + "podTargetLabels": { + "description": "PodTargetLabels transfers labels on the Kubernetes Pod onto the target.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "sampleLimit": { + "description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.", + "format": "int64", + "type": "integer" + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "default": {}, + "description": "Selector to select Pod objects." + }, + "targetLimit": { + "description": "TargetLimit defines a limit on the number of scraped targets that will be accepted.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "podMetricsEndpoints", + "selector" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeSpec": { + "additionalProperties": false, + "description": "ProbeSpec contains specification parameters for a Probe.", + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization", + "description": "Authorization section for this endpoint" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth", + "description": "BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint" + }, + "bearerTokenSecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {}, + "description": "Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the probe and accessible by the Prometheus Operator." + }, + "interval": { + "description": "Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used.", + "type": "string" + }, + "jobName": { + "description": "The job name assigned to scraped metrics by default.", + "type": "string" + }, + "labelLimit": { + "description": "Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "labelNameLengthLimit": { + "description": "Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "labelValueLengthLimit": { + "description": "Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "metricRelabelings": { + "description": "MetricRelabelConfigs to apply to samples before ingestion.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "module": { + "description": "The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml", + "type": "string" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2", + "description": "OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer." + }, + "prober": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ProberSpec", + "default": {}, + "description": "Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty." + }, + "sampleLimit": { + "description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.", + "format": "int64", + "type": "integer" + }, + "scrapeTimeout": { + "description": "Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape interval is used.", + "type": "string" + }, + "targetLimit": { + "description": "TargetLimit defines a limit on the number of scraped targets that will be accepted.", + "format": "int64", + "type": "integer" + }, + "targets": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTargets", + "default": {}, + "description": "Targets defines a set of static or dynamically discovered targets to probe." + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTLSConfig", + "description": "TLS configuration to use when scraping the endpoint." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTLSConfig": { + "additionalProperties": false, + "description": "ProbeTLSConfig specifies TLS configuration parameters.", + "properties": { + "ca": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "Struct containing the CA cert to use for the targets." + }, + "cert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "Struct containing the client cert file for the targets." + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "Secret containing the client key file for the targets." + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTargetIngress": { + "additionalProperties": false, + "description": "ProbeTargetIngress defines the set of Ingress objects considered for probing. The operator configures a target for each host/path combination of each ingress object.", + "properties": { + "namespaceSelector": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.NamespaceSelector", + "default": {}, + "description": "From which namespaces to select Ingress objects." + }, + "relabelingConfigs": { + "description": "RelabelConfigs to apply to the label set of the target before it gets scraped. The original ingress address is available via the `__tmp_prometheus_ingress_address` label. It can be used to customize the probed URL. The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "default": {}, + "description": "Selector to select the Ingress objects." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTargetStaticConfig": { + "additionalProperties": false, + "description": "ProbeTargetStaticConfig defines the set of static targets considered for probing.", + "properties": { + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Labels assigned to all metrics scraped from the targets.", + "type": "object" + }, + "relabelingConfigs": { + "description": "RelabelConfigs to apply to the label set of the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "static": { + "description": "The list of hosts to probe.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTargets": { + "additionalProperties": false, + "description": "ProbeTargets defines how to discover the probed targets. One of the `staticConfig` or `ingress` must be defined. If both are defined, `staticConfig` takes precedence.", + "properties": { + "ingress": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTargetIngress", + "description": "ingress defines the Ingress objects to probe and the relabeling configuration. If `staticConfig` is also defined, `staticConfig` takes precedence." + }, + "staticConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTargetStaticConfig", + "description": "staticConfig defines the static list of targets to probe and the relabeling configuration. If `ingress` is also defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ProberSpec": { + "additionalProperties": false, + "description": "ProberSpec contains specification parameters for the Prober used for probing.", + "properties": { + "path": { + "description": "Path to collect metrics from. Defaults to `/probe`.", + "type": "string" + }, + "proxyUrl": { + "description": "Optional ProxyURL.", + "type": "string" + }, + "scheme": { + "description": "HTTP scheme to use for scraping. Defaults to `http`.", + "type": "string" + }, + "url": { + "default": "", + "description": "Mandatory URL of the prober.", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRuleExcludeConfig": { + "additionalProperties": false, + "description": "PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics.", + "properties": { + "ruleName": { + "default": "", + "description": "RuleNamespace - name of excluded rule", + "type": "string" + }, + "ruleNamespace": { + "default": "", + "description": "RuleNamespace - namespace of excluded rule", + "type": "string" + } + }, + "required": [ + "ruleNamespace", + "ruleName" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRuleSpec": { + "additionalProperties": false, + "description": "PrometheusRuleSpec contains specification parameters for a Rule.", + "properties": { + "groups": { + "description": "Content of Prometheus rule file", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RuleGroup", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusSpec": { + "additionalProperties": false, + "description": "PrometheusSpec is a specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "additionalAlertManagerConfigs": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade." + }, + "additionalAlertRelabelConfigs": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade." + }, + "additionalArgs": { + "description": "AdditionalArgs allows setting additional arguments for the Prometheus container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument the reconciliation will fail and an error will be logged.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Argument", + "default": {} + }, + "type": "array" + }, + "additionalScrapeConfigs": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade." + }, + "affinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.Affinity", + "description": "If specified, the pod's scheduling constraints." + }, + "alerting": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AlertingSpec", + "description": "Define details regarding alerting." + }, + "allowOverlappingBlocks": { + "description": "AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental in Prometheus so it may change in any upcoming release.", + "type": "boolean" + }, + "apiserverConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.APIServerConfig", + "description": "APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/." + }, + "arbitraryFSAccessThroughSMs": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ArbitraryFSAccessThroughSMsConfig", + "default": {}, + "description": "ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files." + }, + "baseImage": { + "description": "Base image to use for a Prometheus deployment. Deprecated: use 'image' instead", + "type": "string" + }, + "configMaps": { + "description": "ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-\u003cconfigmap-name\u003e`. The ConfigMaps are mounted into /etc/prometheus/configmaps/\u003cconfigmap-name\u003e in the 'prometheus' container.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "containers": { + "description": "Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `prometheus`, `config-reloader`, and `thanos-sidecar`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Container", + "default": {} + }, + "type": "array" + }, + "disableCompaction": { + "description": "Disable prometheus compaction.", + "type": "boolean" + }, + "enableAdminAPI": { + "description": "Enable access to prometheus web admin API. Defaults to the value of `false`. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis", + "type": "boolean" + }, + "enableFeatures": { + "description": "Enable access to Prometheus disabled features. By default, no features are enabled. Enabling disabled features is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. For more information see https://prometheus.io/docs/prometheus/latest/disabled_features/", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "enableRemoteWriteReceiver": { + "description": "Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. Defaults to the value of `false`. WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver Only valid in Prometheus versions 2.33.0 and newer.", + "type": "boolean" + }, + "enforcedBodySizeLimit": { + "description": "EnforcedBodySizeLimit defines the maximum size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail. Example: 100MB. If defined, the limit will apply to all service/pod monitors and probes. This is an experimental feature, this behaviour could change or be removed in the future. Only valid in Prometheus versions 2.28.0 and newer.", + "type": "string" + }, + "enforcedLabelLimit": { + "description": "Per-scrape limit on number of labels that will be accepted for a sample. If more than this number of labels are present post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "enforcedLabelNameLengthLimit": { + "description": "Per-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "enforcedLabelValueLengthLimit": { + "description": "Per-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "enforcedNamespaceLabel": { + "description": "EnforcedNamespaceLabel If set, a label will be added to\n\n1. all user-metrics (created by `ServiceMonitor`, `PodMonitor` and `Probe` objects) and 2. in all `PrometheusRule` objects (except the ones excluded in `prometheusRulesExcludedFromEnforce`) to\n * alerting \u0026 recording rules and\n * the metrics used in their expressions (`expr`).\n\nLabel name is this field's value. Label value is the namespace of the created object (mentioned above).", + "type": "string" + }, + "enforcedSampleLimit": { + "description": "EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead.", + "format": "int64", + "type": "integer" + }, + "enforcedTargetLimit": { + "description": "EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep the overall number of targets under the desired limit. Note that if TargetLimit is lower, that value will be taken instead, except if either value is zero, in which case the non-zero value will be used. If both values are zero, no limit is enforced.", + "format": "int64", + "type": "integer" + }, + "evaluationInterval": { + "description": "Interval between consecutive evaluations. Default: `30s`", + "type": "string" + }, + "excludedFromEnforcement": { + "description": "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. Applies only if enforcedNamespaceLabel set to true.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ObjectReference", + "default": {} + }, + "type": "array" + }, + "exemplars": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Exemplars", + "description": "Exemplars related settings that are runtime reloadable. It requires to enable the exemplar storage feature to be effective." + }, + "externalLabels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager).", + "type": "object" + }, + "externalUrl": { + "description": "The external URL the Prometheus instances will be available under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name.", + "type": "string" + }, + "hostAliases": { + "description": "Pods' hostAliases configuration", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.HostAlias", + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map" + }, + "hostNetwork": { + "description": "Use the host's network namespace if true. Make sure to understand the security implications if you want to enable it. When hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet automatically.", + "type": "boolean" + }, + "ignoreNamespaceSelectors": { + "description": "IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from all PodMonitor, ServiceMonitor and Probe objects. They will only discover endpoints within the namespace of the PodMonitor, ServiceMonitor and Probe objects. Defaults to false.", + "type": "boolean" + }, + "image": { + "description": "Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Prometheus is being configured.", + "type": "string" + }, + "imagePullSecrets": { + "description": "An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "default": {} + }, + "type": "array" + }, + "initContainers": { + "description": "InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The current init container name is: `init-config-reloader`. Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Container", + "default": {} + }, + "type": "array" + }, + "listenLocal": { + "description": "ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP.", + "type": "boolean" + }, + "logFormat": { + "description": "Log format for Prometheus to be configured with.", + "type": "string" + }, + "logLevel": { + "description": "Log level for Prometheus to be configured with.", + "type": "string" + }, + "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.", + "format": "int64", + "type": "integer" + }, + "nodeSelector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Define which Nodes the Pods are scheduled on.", + "type": "object" + }, + "overrideHonorLabels": { + "description": "When true, Prometheus resolves label conflicts by renaming the labels in the scraped data to \"exported_\u003clabel value\u003e\" for all targets created from service and pod monitors. Otherwise the HonorLabels field of the service or pod monitor applies.", + "type": "boolean" + }, + "overrideHonorTimestamps": { + "description": "When true, Prometheus ignores the timestamps for all the targets created from service and pod monitors. Otherwise the HonorTimestamps field of the service or pod monitor applies.", + "type": "boolean" + }, + "paused": { + "description": "When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects.", + "type": "boolean" + }, + "podMetadata": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.EmbeddedObjectMetadata", + "description": "PodMetadata configures Labels and Annotations which are propagated to the prometheus pods." + }, + "podMonitorNamespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "Namespace's labels to match for PodMonitor discovery. If nil, only check own namespace." + }, + "podMonitorSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "*Experimental* PodMonitors to be selected for target discovery. *Deprecated:* if neither this nor serviceMonitorSelector are specified, configuration is unmanaged." + }, + "portName": { + "description": "Port name used for the pods and governing service. This defaults to web", + "type": "string" + }, + "priorityClassName": { + "description": "Priority class assigned to the Pods", + "type": "string" + }, + "probeNamespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "*Experimental* Namespaces to be selected for Probe discovery. If nil, only check own namespace." + }, + "probeSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "*Experimental* Probes to be selected for target discovery." + }, + "prometheusExternalLabelName": { + "description": "Name of Prometheus external label used to denote Prometheus instance name. Defaults to the value of `prometheus`. External label will _not_ be added when value is set to empty string (`\"\"`).", + "type": "string" + }, + "prometheusRulesExcludedFromEnforce": { + "description": "PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair. Deprecated: use excludedFromEnforcement instead.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRuleExcludeConfig", + "default": {} + }, + "type": "array" + }, + "query": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.QuerySpec", + "description": "QuerySpec defines the query command line flags when starting Prometheus." + }, + "queryLogFile": { + "description": "QueryLogFile specifies the file to which PromQL queries are logged. If the filename has an empty path, e.g. 'query.log', prometheus-operator will mount the file into an emptyDir volume at `/var/log/prometheus`. If a full path is provided, e.g. /var/log/prometheus/query.log, you must mount a volume in the specified directory and it must be writable. This is because the prometheus container runs with a read-only root filesystem for security reasons. Alternatively, the location can be set to a stdout location such as `/dev/stdout` to log query information to the default Prometheus log stream. This is only available in versions of Prometheus \u003e= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/)", + "type": "string" + }, + "remoteRead": { + "description": "remoteRead is the list of remote read configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RemoteReadSpec", + "default": {} + }, + "type": "array" + }, + "remoteWrite": { + "description": "remoteWrite is the list of remote write configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RemoteWriteSpec", + "default": {} + }, + "type": "array" + }, + "replicaExternalLabelName": { + "description": "Name of Prometheus external label used to denote replica name. Defaults to the value of `prometheus_replica`. External label will _not_ be added when value is set to empty string (`\"\"`).", + "type": "string" + }, + "replicas": { + "description": "Number of replicas of each shard to deploy for a Prometheus deployment. Number of replicas multiplied by shards is the total number of Pods created.", + "format": "int32", + "type": "integer" + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements", + "default": {}, + "description": "Define resources requests and limits for single Pods." + }, + "retention": { + "description": "Time duration Prometheus shall retain data for. Default is '24h' if retentionSize is not set, and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years).", + "type": "string" + }, + "retentionSize": { + "description": "Maximum amount of disk space used by blocks.", + "type": "string" + }, + "routePrefix": { + "description": "The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`.", + "type": "string" + }, + "ruleNamespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the Prometheus object is in is used." + }, + "ruleSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "A selector to select which PrometheusRules to mount for loading alerting/recording rules from. Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated." + }, + "rules": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Rules", + "default": {}, + "description": "/--rules.*/ command-line arguments." + }, + "scrapeInterval": { + "description": "Interval between consecutive scrapes. Default: `30s`", + "type": "string" + }, + "scrapeTimeout": { + "description": "Number of seconds to wait for target to respond before erroring.", + "type": "string" + }, + "secrets": { + "description": "Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each Secret is added to the StatefulSet definition as a volume named `secret-\u003csecret-name\u003e`. The Secrets are mounted into /etc/prometheus/secrets/\u003csecret-name\u003e in the 'prometheus' container.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "securityContext": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodSecurityContext", + "description": "SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext." + }, + "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.", + "type": "string" + }, + "serviceMonitorNamespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "Namespace's labels to match for ServiceMonitor discovery. If nil, only check own namespace." + }, + "serviceMonitorSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "ServiceMonitors to be selected for target discovery. *Deprecated:* if neither this nor podMonitorSelector are specified, configuration is unmanaged." + }, + "sha": { + "description": "SHA of Prometheus container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL.", + "type": "string" + }, + "shards": { + "description": "EXPERIMENTAL: Number of shards to distribute targets onto. Number of replicas multiplied by shards is the total number of Pods created. Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally use Thanos sidecar and Thanos querier or remote write data to a central location. Sharding is done on the content of the `__address__` target meta-label.", + "format": "int32", + "type": "integer" + }, + "storage": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.StorageSpec", + "description": "Storage spec to specify how storage shall be used." + }, + "tag": { + "description": "Tag of Prometheus container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL.", + "type": "string" + }, + "thanos": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosSpec", + "description": "Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment.\n\nThis section is experimental, it may change significantly without deprecation notice in any release.\n\nThis is experimental and may change significantly without backward compatibility in any release." + }, + "tolerations": { + "description": "If specified, the pod's tolerations.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration", + "default": {} + }, + "type": "array" + }, + "topologySpreadConstraints": { + "description": "If specified, the pod's topology spread constraints.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint", + "default": {} + }, + "type": "array" + }, + "tsdb": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TSDBSpec", + "default": {}, + "description": "Defines the runtime reloadable configuration of the timeseries database (TSDB)." + }, + "version": { + "description": "Version of Prometheus to be deployed.", + "type": "string" + }, + "volumeMounts": { + "description": "VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the prometheus container, that are generated as a result of StorageSpec objects.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount", + "default": {} + }, + "type": "array" + }, + "volumes": { + "description": "Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Volume", + "default": {} + }, + "type": "array" + }, + "walCompression": { + "description": "Enable compression of the write-ahead log using Snappy. This flag is only available in versions of Prometheus \u003e= 2.11.0.", + "type": "boolean" + }, + "web": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusWebSpec", + "description": "Defines the web command line flags when starting Prometheus." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusWebSpec": { + "additionalProperties": false, + "description": "PrometheusWebSpec defines the web command line flags when starting Prometheus.", + "properties": { + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.WebHTTPConfig", + "description": "Defines HTTP parameters for web server." + }, + "pageTitle": { + "description": "The prometheus web page title", + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.WebTLSConfig", + "description": "Defines the TLS parameters for HTTPS." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.QuerySpec": { + "additionalProperties": false, + "description": "QuerySpec defines the query command line flags when starting Prometheus.", + "properties": { + "lookbackDelta": { + "description": "The delta difference allowed for retrieving metrics during expression evaluations.", + "type": "string" + }, + "maxConcurrency": { + "description": "Number of concurrent queries that can be run at once.", + "format": "int32", + "type": "integer" + }, + "maxSamples": { + "description": "Maximum number of samples a single query can load into memory. Note that queries will fail if they would load more samples than this into memory, so this also limits the number of samples a query can return.", + "format": "int32", + "type": "integer" + }, + "timeout": { + "description": "Maximum time a query may take before being aborted.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.QueueConfig": { + "additionalProperties": false, + "description": "QueueConfig allows the tuning of remote write's queue_config parameters. This object is referenced in the RemoteWriteSpec object.", + "properties": { + "batchSendDeadline": { + "description": "BatchSendDeadline is the maximum time a sample will wait in buffer.", + "type": "string" + }, + "capacity": { + "description": "Capacity is the number of samples to buffer per shard before we start dropping them.", + "format": "int32", + "type": "integer" + }, + "maxBackoff": { + "description": "MaxBackoff is the maximum retry delay.", + "type": "string" + }, + "maxRetries": { + "description": "MaxRetries is the maximum number of times to retry a batch on recoverable errors.", + "format": "int32", + "type": "integer" + }, + "maxSamplesPerSend": { + "description": "MaxSamplesPerSend is the maximum number of samples per send.", + "format": "int32", + "type": "integer" + }, + "maxShards": { + "description": "MaxShards is the maximum number of shards, i.e. amount of concurrency.", + "format": "int32", + "type": "integer" + }, + "minBackoff": { + "description": "MinBackoff is the initial retry delay. Gets doubled for every retry.", + "type": "string" + }, + "minShards": { + "description": "MinShards is the minimum number of shards, i.e. amount of concurrency.", + "format": "int32", + "type": "integer" + }, + "retryOnRateLimit": { + "description": "Retry upon receiving a 429 status code from the remote-write storage. This is experimental feature and might change in the future.", + "type": "boolean" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig": { + "additionalProperties": false, + "description": "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `\u003cmetric_relabel_configs\u003e`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs", + "properties": { + "action": { + "description": "Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus \u003e= 2.36.", + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched. Default is '(.*)'", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'", + "type": "string" + }, + "separator": { + "description": "Separator placed between concatenated source label values. default is ';'.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.RemoteReadSpec": { + "additionalProperties": false, + "description": "RemoteReadSpec defines the configuration for Prometheus to read back samples from a remote endpoint.", + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Authorization", + "description": "Authorization section for remote read" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth", + "description": "BasicAuth for the URL." + }, + "bearerToken": { + "description": "Bearer token for remote read.", + "type": "string" + }, + "bearerTokenFile": { + "description": "File to read bearer token for remote read.", + "type": "string" + }, + "headers": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Custom HTTP headers to be sent along with each remote read request. Be aware that headers that are set by Prometheus itself can't be overwritten. Only valid in Prometheus versions 2.26.0 and newer.", + "type": "object" + }, + "name": { + "description": "The name of the remote read queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations. Only valid in Prometheus versions 2.15.0 and newer.", + "type": "string" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2", + "description": "OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer." + }, + "proxyUrl": { + "description": "Optional ProxyURL.", + "type": "string" + }, + "readRecent": { + "description": "Whether reads should be made for queries for time ranges that the local storage should have complete data for.", + "type": "boolean" + }, + "remoteTimeout": { + "description": "Timeout for requests to the remote read endpoint.", + "type": "string" + }, + "requiredMatchers": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "An optional list of equality matchers which have to be present in a selector to query the remote read endpoint.", + "type": "object" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig", + "description": "TLS Config to use for remote read." + }, + "url": { + "default": "", + "description": "The URL of the endpoint to query from.", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.RemoteWriteSpec": { + "additionalProperties": false, + "description": "RemoteWriteSpec defines the configuration to write samples from Prometheus to a remote endpoint.", + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Authorization", + "description": "Authorization section for remote write" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth", + "description": "BasicAuth for the URL." + }, + "bearerToken": { + "description": "Bearer token for remote write.", + "type": "string" + }, + "bearerTokenFile": { + "description": "File to read bearer token for remote write.", + "type": "string" + }, + "headers": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. Only valid in Prometheus versions 2.25.0 and newer.", + "type": "object" + }, + "metadataConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.MetadataConfig", + "description": "MetadataConfig configures the sending of series metadata to the remote storage." + }, + "name": { + "description": "The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues. Only valid in Prometheus versions 2.15.0 and newer.", + "type": "string" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2", + "description": "OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer." + }, + "proxyUrl": { + "description": "Optional ProxyURL.", + "type": "string" + }, + "queueConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.QueueConfig", + "description": "QueueConfig allows tuning of the remote write queue parameters." + }, + "remoteTimeout": { + "description": "Timeout for requests to the remote write endpoint.", + "type": "string" + }, + "sendExemplars": { + "description": "Enables sending of exemplars over remote write. Note that exemplar-storage itself must be enabled using the enableFeature option for exemplars to be scraped in the first place. Only valid in Prometheus versions 2.27.0 and newer.", + "type": "boolean" + }, + "sigv4": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Sigv4", + "description": "Sigv4 allows to configures AWS's Signature Verification 4" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig", + "description": "TLS Config to use for remote write." + }, + "url": { + "default": "", + "description": "The URL of the endpoint to send samples to.", + "type": "string" + }, + "writeRelabelConfigs": { + "description": "The list of remote write relabel configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Rule": { + "additionalProperties": false, + "description": "Rule describes an alerting or recording rule See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules) rule", + "properties": { + "alert": { + "type": "string" + }, + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "expr": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "default": {} + }, + "for": { + "type": "string" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "record": { + "type": "string" + } + }, + "required": [ + "expr" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.RuleGroup": { + "additionalProperties": false, + "description": "RuleGroup is a list of sequentially evaluated recording and alerting rules. Note: PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances. Valid values for this field are 'warn' or 'abort'. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response", + "properties": { + "interval": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "partial_response_strategy": { + "type": "string" + }, + "rules": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Rule", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "name", + "rules" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Rules": { + "additionalProperties": false, + "description": "/--rules.*/ command-line arguments", + "properties": { + "alert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RulesAlert", + "default": {} + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.RulesAlert": { + "additionalProperties": false, + "description": "/--rules.alert.*/ command-line arguments", + "properties": { + "forGracePeriod": { + "description": "Minimum duration between alert and restored 'for' state. This is maintained only for alerts with configured 'for' time greater than grace period.", + "type": "string" + }, + "forOutageTolerance": { + "description": "Max time to tolerate prometheus outage for restoring 'for' state of alert.", + "type": "string" + }, + "resendDelay": { + "description": "Minimum amount of time to wait before resending an alert to Alertmanager.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization": { + "additionalProperties": false, + "description": "SafeAuthorization specifies a subset of the Authorization struct, that is safe for use in Endpoints (no CredentialsFile field)", + "properties": { + "credentials": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "The secret's key that contains the credentials of the request" + }, + "type": { + "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.SafeTLSConfig": { + "additionalProperties": false, + "description": "SafeTLSConfig specifies safe TLS configuration parameters.", + "properties": { + "ca": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "Struct containing the CA cert to use for the targets." + }, + "cert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "Struct containing the client cert file for the targets." + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "Secret containing the client key file for the targets." + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap": { + "additionalProperties": false, + "description": "SecretOrConfigMap allows to specify data as a Secret or ConfigMap. Fields are mutually exclusive.", + "properties": { + "configMap": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapKeySelector", + "description": "ConfigMap containing data to use for the targets." + }, + "secret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "Secret containing data to use for the targets." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ServiceMonitorSpec": { + "additionalProperties": false, + "description": "ServiceMonitorSpec contains specification parameters for a ServiceMonitor.", + "properties": { + "endpoints": { + "description": "A list of endpoints allowed as part of this ServiceMonitor.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Endpoint", + "default": {} + }, + "type": "array" + }, + "jobLabel": { + "description": "JobLabel selects the label from the associated Kubernetes service which will be used as the `job` label for all metrics.\n\nFor example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo: bar`, then the `job=\"bar\"` label is added to all metrics.\n\nIf the value of this field is empty or if the label doesn't exist for the given Service, the `job` label of the metrics defaults to the name of the Kubernetes Service.", + "type": "string" + }, + "labelLimit": { + "description": "Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "labelNameLengthLimit": { + "description": "Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "labelValueLengthLimit": { + "description": "Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "namespaceSelector": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.NamespaceSelector", + "default": {}, + "description": "Selector to select which namespaces the Kubernetes Endpoints objects are discovered from." + }, + "podTargetLabels": { + "description": "PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "sampleLimit": { + "description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.", + "format": "int64", + "type": "integer" + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "default": {}, + "description": "Selector to select Endpoints objects." + }, + "targetLabels": { + "description": "TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "targetLimit": { + "description": "TargetLimit defines a limit on the number of scraped targets that will be accepted.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "endpoints", + "selector" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Sigv4": { + "additionalProperties": false, + "description": "Sigv4 optionally configures AWS's Signature Verification 4 signing process to sign requests. Cannot be set at the same time as basic_auth or authorization.", + "properties": { + "accessKey": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "AccessKey is the AWS API key. If blank, the environment variable `AWS_ACCESS_KEY_ID` is used." + }, + "profile": { + "description": "Profile is the named AWS profile used to authenticate.", + "type": "string" + }, + "region": { + "description": "Region is the AWS region. If blank, the region from the default credentials chain used.", + "type": "string" + }, + "roleArn": { + "description": "RoleArn is the named AWS profile used to authenticate.", + "type": "string" + }, + "secretKey": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "SecretKey is the AWS API secret. If blank, the environment variable `AWS_SECRET_ACCESS_KEY` is used." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.StorageSpec": { + "additionalProperties": false, + "description": "StorageSpec defines the configured storage for a group Prometheus servers. If no storage option is specified, then by default an [EmptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) will be used. If multiple storage options are specified, priority will be given as follows: EmptyDir, Ephemeral, and lastly VolumeClaimTemplate.", + "properties": { + "disableMountSubPath": { + "description": "Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.", + "type": "boolean" + }, + "emptyDir": { + "$ref": "#/definitions/io.k8s.api.core.v1.EmptyDirVolumeSource", + "description": "EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir" + }, + "ephemeral": { + "$ref": "#/definitions/io.k8s.api.core.v1.EphemeralVolumeSource", + "description": "EphemeralVolumeSource to be used by the Prometheus StatefulSets. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes" + }, + "volumeClaimTemplate": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.EmbeddedPersistentVolumeClaim", + "default": {}, + "description": "A PVC spec to be used by the Prometheus StatefulSets." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig": { + "additionalProperties": false, + "description": "TLSConfig extends the safe TLS configuration with file parameters.", + "properties": { + "ca": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "Struct containing the CA cert to use for the targets." + }, + "caFile": { + "description": "Path to the CA cert in the Prometheus container to use for the targets.", + "type": "string" + }, + "cert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "Struct containing the client cert file for the targets." + }, + "certFile": { + "description": "Path to the client cert file in the Prometheus container for the targets.", + "type": "string" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keyFile": { + "description": "Path to the client key file in the Prometheus container for the targets.", + "type": "string" + }, + "keySecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "Secret containing the client key file for the targets." + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.TSDBSpec": { + "additionalProperties": false, + "properties": { + "outOfOrderTimeWindow": { + "description": "Configures how old an out-of-order/out-of-bounds sample can be w.r.t. the TSDB max time. An out-of-order/out-of-bounds sample is ingested into the TSDB as long as the timestamp of the sample is \u003e= (TSDB.MaxTime - outOfOrderTimeWindow). Out of order ingestion is an experimental feature and requires Prometheus \u003e= v2.39.0.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosRulerSpec": { + "additionalProperties": false, + "description": "ThanosRulerSpec is a specification of the desired behavior of the ThanosRuler. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "affinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.Affinity", + "description": "If specified, the pod's scheduling constraints." + }, + "alertDropLabels": { + "description": "AlertDropLabels configure the label names which should be dropped in ThanosRuler alerts. The replica label `thanos_ruler_replica` will always be dropped in alerts.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "alertQueryUrl": { + "description": "The external Query URL the Thanos Ruler will set in the 'Source' field of all alerts. Maps to the '--alert.query-url' CLI arg.", + "type": "string" + }, + "alertRelabelConfigFile": { + "description": "AlertRelabelConfigFile specifies the path of the alert relabeling configuration file. When used alongside with AlertRelabelConfigs, alertRelabelConfigFile takes precedence.", + "type": "string" + }, + "alertRelabelConfigs": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "AlertRelabelConfigs configures alert relabeling in ThanosRuler. Alert relabel configurations must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs Alternative to AlertRelabelConfigFile, and lower order priority." + }, + "alertmanagersConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "Define configuration for connecting to alertmanager. Only available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` arg." + }, + "alertmanagersUrl": { + "description": "Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, AlertManagersConfig should be used instead. Note: this field will be ignored if AlertManagersConfig is specified. Maps to the `alertmanagers.url` arg.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "containers": { + "description": "Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `thanos-ruler` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Container", + "default": {} + }, + "type": "array" + }, + "enforcedNamespaceLabel": { + "description": "EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created.", + "type": "string" + }, + "evaluationInterval": { + "description": "Interval between consecutive evaluations.", + "type": "string" + }, + "excludedFromEnforcement": { + "description": "List of references to PrometheusRule objects to be excluded from enforcing a namespace label of origin. Applies only if enforcedNamespaceLabel set to true.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ObjectReference", + "default": {} + }, + "type": "array" + }, + "externalPrefix": { + "description": "The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name.", + "type": "string" + }, + "grpcServerTlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig", + "description": "GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args." + }, + "hostAliases": { + "description": "Pods' hostAliases configuration", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.HostAlias", + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map" + }, + "image": { + "description": "Thanos container image URL.", + "type": "string" + }, + "imagePullSecrets": { + "description": "An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "default": {} + }, + "type": "array" + }, + "initContainers": { + "description": "InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Container", + "default": {} + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Labels configure the external label pairs to ThanosRuler. A default replica label `thanos_ruler_replica` will be always added as a label with the value of the pod's name and it will be dropped in the alerts.", + "type": "object" + }, + "listenLocal": { + "description": "ListenLocal makes the Thanos ruler listen on loopback, so that it does not bind against the Pod IP.", + "type": "boolean" + }, + "logFormat": { + "description": "Log format for ThanosRuler to be configured with.", + "type": "string" + }, + "logLevel": { + "description": "Log level for ThanosRuler to be configured with.", + "type": "string" + }, + "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.", + "format": "int64", + "type": "integer" + }, + "nodeSelector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Define which Nodes the Pods are scheduled on.", + "type": "object" + }, + "objectStorageConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority." + }, + "objectStorageConfigFile": { + "description": "ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence.", + "type": "string" + }, + "paused": { + "description": "When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects.", + "type": "boolean" + }, + "podMetadata": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.EmbeddedObjectMetadata", + "description": "PodMetadata contains Labels and Annotations gets propagated to the thanos ruler pods." + }, + "portName": { + "description": "Port name used for the pods and governing service. This defaults to web", + "type": "string" + }, + "priorityClassName": { + "description": "Priority class assigned to the Pods", + "type": "string" + }, + "prometheusRulesExcludedFromEnforce": { + "description": "PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair Deprecated: use excludedFromEnforcement instead.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRuleExcludeConfig", + "default": {} + }, + "type": "array" + }, + "queryConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "Define configuration for connecting to thanos query instances. If this is defined, the QueryEndpoints field will be ignored. Maps to the `query.config` CLI argument. Only available with thanos v0.11.0 and higher." + }, + "queryEndpoints": { + "description": "QueryEndpoints defines Thanos querier endpoints from which to query metrics. Maps to the --query flag of thanos ruler.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "replicas": { + "description": "Number of thanos ruler instances to deploy.", + "format": "int32", + "type": "integer" + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements", + "default": {}, + "description": "Resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set" + }, + "retention": { + "description": "Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years).", + "type": "string" + }, + "routePrefix": { + "description": "The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path.", + "type": "string" + }, + "ruleNamespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "Namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used." + }, + "ruleSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "A label selector to select which PrometheusRules to mount for alerting and recording." + }, + "securityContext": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodSecurityContext", + "description": "SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext." + }, + "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run the Thanos Ruler Pods.", + "type": "string" + }, + "storage": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.StorageSpec", + "description": "Storage spec to specify how storage shall be used." + }, + "tolerations": { + "description": "If specified, the pod's tolerations.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration", + "default": {} + }, + "type": "array" + }, + "topologySpreadConstraints": { + "description": "If specified, the pod's topology spread constraints.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint", + "default": {} + }, + "type": "array" + }, + "tracingConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way." + }, + "tracingConfigFile": { + "description": "TracingConfig specifies the path of the tracing configuration file. When used alongside with TracingConfig, TracingConfigFile takes precedence.", + "type": "string" + }, + "volumes": { + "description": "Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Volume", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosSpec": { + "additionalProperties": false, + "description": "ThanosSpec defines parameters for a Prometheus server within a Thanos deployment.", + "properties": { + "additionalArgs": { + "description": "AdditionalArgs allows setting additional arguments for the Thanos container. The arguments are passed as-is to the Thanos container which may cause issues if they are invalid or not supported the given Thanos version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument the reconciliation will fail and an error will be logged.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Argument", + "default": {} + }, + "type": "array" + }, + "baseImage": { + "description": "Thanos base image if other than default. Deprecated: use 'image' instead", + "type": "string" + }, + "grpcListenLocal": { + "description": "If true, the Thanos sidecar listens on the loopback interface for the gRPC endpoints. It has no effect if `listenLocal` is true.", + "type": "boolean" + }, + "grpcServerTlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig", + "description": "GRPCServerTLSConfig configures the TLS parameters for the gRPC server providing the StoreAPI. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args." + }, + "httpListenLocal": { + "description": "If true, the Thanos sidecar listens on the loopback interface for the HTTP endpoints. It has no effect if `listenLocal` is true.", + "type": "boolean" + }, + "image": { + "description": "Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Thanos is being configured.", + "type": "string" + }, + "listenLocal": { + "description": "If true, the Thanos sidecar listens on the loopback interface for the HTTP and gRPC endpoints. It takes precedence over `grpcListenLocal` and `httpListenLocal`. Deprecated: use `grpcListenLocal` and `httpListenLocal` instead.", + "type": "boolean" + }, + "logFormat": { + "description": "LogFormat for Thanos sidecar to be configured with.", + "type": "string" + }, + "logLevel": { + "description": "LogLevel for Thanos sidecar to be configured with.", + "type": "string" + }, + "minTime": { + "description": "MinTime for Thanos sidecar to be configured with. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y.", + "type": "string" + }, + "objectStorageConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority." + }, + "objectStorageConfigFile": { + "description": "ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence.", + "type": "string" + }, + "readyTimeout": { + "description": "ReadyTimeout is the maximum time Thanos sidecar will wait for Prometheus to start. Eg 10m", + "type": "string" + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements", + "default": {}, + "description": "Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set" + }, + "sha": { + "description": "SHA of Thanos container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL.", + "type": "string" + }, + "tag": { + "description": "Tag of Thanos sidecar container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL.", + "type": "string" + }, + "tracingConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way." + }, + "tracingConfigFile": { + "description": "TracingConfig specifies the path of the tracing configuration file. When used alongside with TracingConfig, TracingConfigFile takes precedence.", + "type": "string" + }, + "version": { + "description": "Version describes the version of Thanos to use.", + "type": "string" + }, + "volumeMounts": { + "description": "VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the thanos-sidecar container.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.WebHTTPConfig": { + "additionalProperties": false, + "description": "WebHTTPConfig defines HTTP parameters for web server.", + "properties": { + "headers": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.WebHTTPHeaders", + "description": "List of headers that can be added to HTTP responses." + }, + "http2": { + "description": "Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. When TLSConfig is not configured, HTTP/2 will be disabled. Whenever the value of the field changes, a rolling update will be triggered.", + "type": "boolean" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.WebHTTPHeaders": { + "additionalProperties": false, + "description": "WebHTTPHeaders defines the list of headers that can be added to HTTP responses.", + "properties": { + "contentSecurityPolicy": { + "description": "Set the Content-Security-Policy header to HTTP responses. Unset if blank.", + "type": "string" + }, + "strictTransportSecurity": { + "description": "Set the Strict-Transport-Security header to HTTP responses. Unset if blank. Please make sure that you use this with care as this header might force browsers to load Prometheus and the other applications hosted on the same domain and subdomains over HTTPS. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", + "type": "string" + }, + "xContentTypeOptions": { + "description": "Set the X-Content-Type-Options header to HTTP responses. Unset if blank. Accepted value is nosniff. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options", + "type": "string" + }, + "xFrameOptions": { + "description": "Set the X-Frame-Options header to HTTP responses. Unset if blank. Accepted values are deny and sameorigin. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options", + "type": "string" + }, + "xXSSProtection": { + "description": "Set the X-XSS-Protection header to all responses. Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.WebTLSConfig": { + "additionalProperties": false, + "description": "WebTLSConfig defines the TLS parameters for HTTPS.", + "properties": { + "cert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "Contains the TLS certificate for the server." + }, + "cipherSuites": { + "description": "List of supported cipher suites for TLS versions up to TLS 1.2. If empty, Go default cipher suites are used. Available cipher suites are documented in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "clientAuthType": { + "description": "Server policy for client authentication. Maps to ClientAuth Policies. For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType", + "type": "string" + }, + "client_ca": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "Contains the CA certificate for client certificate authentication to the server." + }, + "curvePreferences": { + "description": "Elliptic curves that will be used in an ECDHE handshake, in preference order. Available curves are documented in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "keySecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {}, + "description": "Secret containing the TLS key for the server." + }, + "maxVersion": { + "description": "Maximum TLS version that is acceptable. Defaults to TLS13.", + "type": "string" + }, + "minVersion": { + "description": "Minimum TLS version that is acceptable. Defaults to TLS12.", + "type": "string" + }, + "preferServerCipherSuites": { + "description": "Controls whether the server selects the client's most preferred cipher suite, or the server's most preferred cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used.", + "type": "boolean" + } + }, + "required": [ + "keySecret", + "cert" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfigSpec": { + "additionalProperties": false, + "description": "AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. By definition, the Alertmanager configuration only applies to alerts for which the `namespace` label is equal to the namespace of the AlertmanagerConfig resource.", + "properties": { + "inhibitRules": { + "description": "List of inhibition rules. The rules will only apply to alerts matching the resource's namespace.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.InhibitRule", + "default": {} + }, + "type": "array" + }, + "receivers": { + "description": "List of receivers.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Receiver", + "default": {} + }, + "type": "array" + }, + "route": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Route", + "description": "The Alertmanager route definition for alerts matching the resource's namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route." + }, + "timeIntervals": { + "description": "List of TimeInterval specifying when the routes should be muted or active.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeInterval", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.DayOfMonthRange": { + "additionalProperties": false, + "description": "DayOfMonthRange is an inclusive range of days of the month beginning at 1", + "properties": { + "end": { + "description": "End of the inclusive range", + "format": "int32", + "type": "integer" + }, + "start": { + "description": "Start of the inclusive range", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.EmailConfig": { + "additionalProperties": false, + "description": "EmailConfig configures notifications via Email.", + "properties": { + "authIdentity": { + "description": "The identity to use for authentication.", + "type": "string" + }, + "authPassword": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "authSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "authUsername": { + "description": "The username to use for authentication.", + "type": "string" + }, + "from": { + "description": "The sender address.", + "type": "string" + }, + "headers": { + "description": "Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "hello": { + "description": "The hostname to identify to the SMTP server.", + "type": "string" + }, + "html": { + "description": "The HTML body of the email notification.", + "type": "string" + }, + "requireTLS": { + "description": "The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints.", + "type": "boolean" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "smarthost": { + "description": "The SMTP host and port through which emails are sent. E.g. example.com:25", + "type": "string" + }, + "text": { + "description": "The text body of the email notification.", + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeTLSConfig", + "description": "TLS configuration" + }, + "to": { + "description": "The email address to send notifications to.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig": { + "additionalProperties": false, + "description": "HTTPConfig defines a client HTTP configuration. See https://prometheus.io/docs/alerting/latest/configuration/#http_config", + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization", + "description": "Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+." + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth", + "description": "BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence." + }, + "bearerTokenSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2", + "description": "OAuth2 client credentials used to fetch a token for the targets." + }, + "proxyURL": { + "description": "Optional proxy URL.", + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeTLSConfig", + "description": "TLS configuration for the client." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.InhibitRule": { + "additionalProperties": false, + "description": "InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule", + "properties": { + "equal": { + "description": "Labels that must have an equal value in the source and target alert for the inhibition to take effect.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "sourceMatch": { + "description": "Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource's namespace.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher", + "default": {} + }, + "type": "array" + }, + "targetMatch": { + "description": "Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource's namespace.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue": { + "additionalProperties": false, + "description": "KeyValue defines a (key, value) tuple.", + "properties": { + "key": { + "default": "", + "description": "Key of the tuple.", + "type": "string" + }, + "value": { + "default": "", + "description": "Value of the tuple.", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher": { + "additionalProperties": false, + "description": "Matcher defines how to match on alert's labels.", + "properties": { + "matchType": { + "description": "Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex match) or `!~` (not regex match). Negative operators (`!=` and `!~`) require Alertmanager \u003e= v0.22.0.", + "type": "string" + }, + "name": { + "default": "", + "description": "Label to match.", + "type": "string" + }, + "value": { + "default": "", + "description": "Label value to match.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfig": { + "additionalProperties": false, + "description": "OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config", + "properties": { + "actions": { + "description": "Comma separated list of actions that will be available for the alert.", + "type": "string" + }, + "apiKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "apiURL": { + "description": "The URL to send OpsGenie API requests to.", + "type": "string" + }, + "description": { + "description": "Description of the incident.", + "type": "string" + }, + "details": { + "description": "A set of arbitrary key/value pairs that provide further detail about the incident.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "entity": { + "description": "Optional field that can be used to specify which domain alert is related to.", + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "message": { + "description": "Alert text limited to 130 characters.", + "type": "string" + }, + "note": { + "description": "Additional alert note.", + "type": "string" + }, + "priority": { + "description": "Priority level of alert. Possible values are P1, P2, P3, P4, and P5.", + "type": "string" + }, + "responders": { + "description": "List of responders responsible for notifications.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfigResponder", + "default": {} + }, + "type": "array" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "source": { + "description": "Backlink to the sender of the notification.", + "type": "string" + }, + "tags": { + "description": "Comma separated list of tags attached to the notifications.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfigResponder": { + "additionalProperties": false, + "description": "OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined.", + "properties": { + "id": { + "description": "ID of the responder.", + "type": "string" + }, + "name": { + "description": "Name of the responder.", + "type": "string" + }, + "type": { + "default": "", + "description": "Type of responder.", + "type": "string" + }, + "username": { + "description": "Username of the responder.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyConfig": { + "additionalProperties": false, + "description": "PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config", + "properties": { + "class": { + "description": "The class/type of the event.", + "type": "string" + }, + "client": { + "description": "Client identification.", + "type": "string" + }, + "clientURL": { + "description": "Backlink to the sender of notification.", + "type": "string" + }, + "component": { + "description": "The part or component of the affected system that is broken.", + "type": "string" + }, + "description": { + "description": "Description of the incident.", + "type": "string" + }, + "details": { + "description": "Arbitrary key/value pairs that provide further detail about the incident.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "group": { + "description": "A cluster or grouping of sources.", + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "pagerDutyImageConfigs": { + "description": "A list of image details to attach that provide further detail about an incident.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyImageConfig", + "default": {} + }, + "type": "array" + }, + "pagerDutyLinkConfigs": { + "description": "A list of link details to attach that provide further detail about an incident.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyLinkConfig", + "default": {} + }, + "type": "array" + }, + "routingKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "serviceKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the PagerDuty service key (when using integration type \"Prometheus\"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "severity": { + "description": "Severity of the incident.", + "type": "string" + }, + "url": { + "description": "The URL to send requests to.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyImageConfig": { + "additionalProperties": false, + "description": "PagerDutyImageConfig attaches images to an incident", + "properties": { + "alt": { + "description": "Alt is the optional alternative text for the image.", + "type": "string" + }, + "href": { + "description": "Optional URL; makes the image a clickable link.", + "type": "string" + }, + "src": { + "description": "Src of the image being attached to the incident", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyLinkConfig": { + "additionalProperties": false, + "description": "PagerDutyLinkConfig attaches text links to an incident", + "properties": { + "alt": { + "description": "Text that describes the purpose of the link, and can be used as the link's text.", + "type": "string" + }, + "href": { + "description": "Href is the URL of the link to be attached", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PushoverConfig": { + "additionalProperties": false, + "description": "PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config", + "properties": { + "expire": { + "description": "How long your notification will continue to be retried for, unless the user acknowledges the notification.", + "type": "string" + }, + "html": { + "description": "Whether notification message is HTML or plain text.", + "type": "boolean" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "message": { + "description": "Notification message.", + "type": "string" + }, + "priority": { + "description": "Priority, see https://pushover.net/api#priority", + "type": "string" + }, + "retry": { + "description": "How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds.", + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "sound": { + "description": "The name of one of the sounds supported by device clients to override the user's default sound choice", + "type": "string" + }, + "title": { + "description": "Notification title.", + "type": "string" + }, + "token": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the registered application's API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "url": { + "description": "A supplementary URL shown alongside the message.", + "type": "string" + }, + "urlTitle": { + "description": "A title for supplementary URL, otherwise just the URL is shown", + "type": "string" + }, + "userKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the recipient user's user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Receiver": { + "additionalProperties": false, + "description": "Receiver defines one or more notification integrations.", + "properties": { + "emailConfigs": { + "description": "List of Email configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.EmailConfig", + "default": {} + }, + "type": "array" + }, + "name": { + "default": "", + "description": "Name of the receiver. Must be unique across all items from the list.", + "type": "string" + }, + "opsgenieConfigs": { + "description": "List of OpsGenie configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfig", + "default": {} + }, + "type": "array" + }, + "pagerdutyConfigs": { + "description": "List of PagerDuty configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyConfig", + "default": {} + }, + "type": "array" + }, + "pushoverConfigs": { + "description": "List of Pushover configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PushoverConfig", + "default": {} + }, + "type": "array" + }, + "slackConfigs": { + "description": "List of Slack configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfig", + "default": {} + }, + "type": "array" + }, + "snsConfigs": { + "description": "List of SNS configurations", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SNSConfig", + "default": {} + }, + "type": "array" + }, + "telegramConfigs": { + "description": "List of Telegram configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TelegramConfig", + "default": {} + }, + "type": "array" + }, + "victoropsConfigs": { + "description": "List of VictorOps configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.VictorOpsConfig", + "default": {} + }, + "type": "array" + }, + "webhookConfigs": { + "description": "List of webhook configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WebhookConfig", + "default": {} + }, + "type": "array" + }, + "wechatConfigs": { + "description": "List of WeChat configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WeChatConfig", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Route": { + "additionalProperties": false, + "description": "Route defines a node in the routing tree.", + "properties": { + "continue": { + "description": "Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator.", + "type": "boolean" + }, + "groupBy": { + "description": "List of labels to group by. Labels must not be repeated (unique list). Special label \"...\" (aggregate by all possible labels), if provided, must be the only element in the list.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "groupInterval": { + "description": "How long to wait before sending an updated notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: \"5m\"", + "type": "string" + }, + "groupWait": { + "description": "How long to wait before sending the initial notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: \"30s\"", + "type": "string" + }, + "matchers": { + "description": "List of matchers that the alert's labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: \u003cobject namespace\u003e` matcher.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher", + "default": {} + }, + "type": "array" + }, + "muteTimeIntervals": { + "description": "Note: this comment applies to the field definition above but appears below otherwise it gets included in the generated manifest. CRD schema doesn't support self-referential types for now (see https://github.com/kubernetes/kubernetes/issues/62872). We have to use an alternative type to circumvent the limitation. The downside is that the Kube API can't validate the data beyond the fact that it is a valid JSON representation. MuteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched,", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "receiver": { + "default": "", + "description": "Name of the receiver for this route. If not empty, it should be listed in the `receivers` field.", + "type": "string" + }, + "repeatInterval": { + "description": "How long to wait before repeating the last notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: \"4h\"", + "type": "string" + }, + "routes": { + "description": "Child routes.", + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SNSConfig": { + "additionalProperties": false, + "description": "SNSConfig configures notifications via AWS SNS. See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs", + "properties": { + "apiURL": { + "description": "The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. If not specified, the SNS API URL from the SNS SDK will be used.", + "type": "string" + }, + "attributes": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "SNS message attributes.", + "type": "object" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "message": { + "description": "The message content of the SNS notification.", + "type": "string" + }, + "phoneNumber": { + "description": "Phone number if message is delivered via SMS in E.164 format. If you don't specify this value, you must specify a value for the TopicARN or TargetARN.", + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "sigv4": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Sigv4", + "description": "Configures AWS's Signature Verification 4 signing process to sign requests." + }, + "subject": { + "description": "Subject line when the message is delivered to email endpoints.", + "type": "string" + }, + "targetARN": { + "description": "The mobile platform endpoint ARN if message is delivered via mobile notifications. If you don't specify this value, you must specify a value for the topic_arn or PhoneNumber.", + "type": "string" + }, + "topicARN": { + "description": "SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic If you don't specify this value, you must specify a value for the PhoneNumber or TargetARN.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector": { + "additionalProperties": false, + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "default": "", + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "The name of the secret in the object's namespace to select from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackAction": { + "additionalProperties": false, + "description": "SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.", + "properties": { + "confirm": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfirmationField" + }, + "name": { + "type": "string" + }, + "style": { + "type": "string" + }, + "text": { + "default": "", + "type": "string" + }, + "type": { + "default": "", + "type": "string" + }, + "url": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "type", + "text" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfig": { + "additionalProperties": false, + "description": "SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config", + "properties": { + "actions": { + "description": "A list of Slack actions that are sent with each notification.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackAction", + "default": {} + }, + "type": "array" + }, + "apiURL": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "callbackId": { + "type": "string" + }, + "channel": { + "description": "The channel or user to send notifications to.", + "type": "string" + }, + "color": { + "type": "string" + }, + "fallback": { + "type": "string" + }, + "fields": { + "description": "A list of Slack fields that are sent with each notification.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackField", + "default": {} + }, + "type": "array" + }, + "footer": { + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "iconEmoji": { + "type": "string" + }, + "iconURL": { + "type": "string" + }, + "imageURL": { + "type": "string" + }, + "linkNames": { + "type": "boolean" + }, + "mrkdwnIn": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "pretext": { + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "shortFields": { + "type": "boolean" + }, + "text": { + "type": "string" + }, + "thumbURL": { + "type": "string" + }, + "title": { + "type": "string" + }, + "titleLink": { + "type": "string" + }, + "username": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfirmationField": { + "additionalProperties": false, + "description": "SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.", + "properties": { + "dismissText": { + "type": "string" + }, + "okText": { + "type": "string" + }, + "text": { + "default": "", + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackField": { + "additionalProperties": false, + "description": "SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information.", + "properties": { + "short": { + "type": "boolean" + }, + "title": { + "default": "", + "type": "string" + }, + "value": { + "default": "", + "type": "string" + } + }, + "required": [ + "title", + "value" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TelegramConfig": { + "additionalProperties": false, + "description": "TelegramConfig configures notifications via Telegram. See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config", + "properties": { + "apiURL": { + "description": "The Telegram API URL i.e. https://api.telegram.org. If not specified, default API URL will be used.", + "type": "string" + }, + "botToken": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "Telegram bot token The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "chatID": { + "description": "The Telegram chat ID.", + "format": "int64", + "type": "integer" + }, + "disableNotifications": { + "description": "Disable telegram notifications", + "type": "boolean" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "message": { + "description": "Message template", + "type": "string" + }, + "parseMode": { + "description": "Parse mode for telegram message", + "type": "string" + }, + "sendResolved": { + "description": "Whether to notify about resolved alerts.", + "type": "boolean" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeInterval": { + "additionalProperties": false, + "description": "TimeInterval specifies the periods in time when notifications will be muted or active.", + "properties": { + "name": { + "description": "Name of the time interval.", + "type": "string" + }, + "timeIntervals": { + "description": "TimeIntervals is a list of TimePeriod.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimePeriod", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimePeriod": { + "additionalProperties": false, + "description": "TimePeriod describes periods of time.", + "properties": { + "daysOfMonth": { + "description": "DaysOfMonth is a list of DayOfMonthRange", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.DayOfMonthRange", + "default": {} + }, + "type": "array" + }, + "months": { + "description": "Months is a list of MonthRange", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "times": { + "description": "Times is a list of TimeRange", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeRange", + "default": {} + }, + "type": "array" + }, + "weekdays": { + "description": "Weekdays is a list of WeekdayRange", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "years": { + "description": "Years is a list of YearRange", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeRange": { + "additionalProperties": false, + "description": "TimeRange defines a start and end time in 24hr format", + "properties": { + "endTime": { + "description": "EndTime is the end time in 24hr format.", + "type": "string" + }, + "startTime": { + "description": "StartTime is the start time in 24hr format.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.VictorOpsConfig": { + "additionalProperties": false, + "description": "VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config", + "properties": { + "apiKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "apiUrl": { + "description": "The VictorOps API URL.", + "type": "string" + }, + "customFields": { + "description": "Additional custom fields for notification.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "entityDisplayName": { + "description": "Contains summary of the alerted problem.", + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "The HTTP client's configuration." + }, + "messageType": { + "description": "Describes the behavior of the alert (CRITICAL, WARNING, INFO).", + "type": "string" + }, + "monitoringTool": { + "description": "The monitoring tool the state message is from.", + "type": "string" + }, + "routingKey": { + "default": "", + "description": "A key used to map the alert to a team.", + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "stateMessage": { + "description": "Contains long explanation of the alerted problem.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WeChatConfig": { + "additionalProperties": false, + "description": "WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config", + "properties": { + "agentID": { + "type": "string" + }, + "apiSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "apiURL": { + "description": "The WeChat API URL.", + "type": "string" + }, + "corpID": { + "description": "The corp id for authentication.", + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "message": { + "description": "API request data as defined by the WeChat API.", + "type": "string" + }, + "messageType": { + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "toParty": { + "type": "string" + }, + "toTag": { + "type": "string" + }, + "toUser": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WebhookConfig": { + "additionalProperties": false, + "description": "WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config", + "properties": { + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "maxAlerts": { + "description": "Maximum number of alerts to be sent per webhook message. When 0, all alerts are included.", + "format": "int32", + "type": "integer" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "url": { + "description": "The URL to send HTTP POST requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined.", + "type": "string" + }, + "urlSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the webhook URL to send HTTP requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource": { + "additionalProperties": false, + "description": "Represents a Persistent Disk resource in AWS.\n\nAn AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Affinity": { + "additionalProperties": false, + "description": "Affinity is a group of affinity scheduling rules.", + "properties": { + "nodeAffinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeAffinity", + "description": "Describes node affinity scheduling rules for the pod." + }, + "podAffinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinity", + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." + }, + "podAntiAffinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAntiAffinity", + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.AzureDiskVolumeSource": { + "additionalProperties": false, + "description": "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", + "properties": { + "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", + "type": "string" + }, + "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", + "type": "string" + }, + "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", + "type": "string" + }, + "fsType": { + "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", + "type": "string" + }, + "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "io.k8s.api.core.v1.AzureFileVolumeSource": { + "additionalProperties": false, + "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", + "properties": { + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "type": "string" + }, + "shareName": { + "description": "shareName is the azure share Name", + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CSIVolumeSource": { + "additionalProperties": false, + "description": "Represents a source location of a volume to mount, managed by an external CSI driver", + "properties": { + "driver": { + "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", + "type": "string" + }, + "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", + "type": "string" + }, + "nodePublishSecretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + }, + "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Capabilities": { + "additionalProperties": false, + "description": "Adds and removes POSIX capabilities from running containers.", + "properties": { + "add": { + "description": "Added capabilities", + "items": { + "type": "string" + }, + "type": "array" + }, + "drop": { + "description": "Removed capabilities", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.CephFSVolumeSource": { + "additionalProperties": false, + "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", + "properties": { + "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "items": { + "type": "string" + }, + "type": "array" + }, + "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", + "type": "string" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "boolean" + }, + "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + }, + "user": { + "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CinderVolumeSource": { + "additionalProperties": false, + "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." + }, + "volumeID": { + "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapEnvSource": { + "additionalProperties": false, + "description": "ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.\n\nThe contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.", + "properties": { + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapKeySelector": { + "additionalProperties": false, + "description": "Selects a key from a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ConfigMapProjection": { + "additionalProperties": false, + "description": "Adapts a ConfigMap into a projected volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapVolumeSource": { + "additionalProperties": false, + "description": "Adapts a ConfigMap into a volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.", + "properties": { + "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.Container": { + "additionalProperties": false, + "description": "A single application container that you want to run within a pod.", + "properties": { + "args": { + "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array" + }, + "command": { + "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array" + }, + "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvFromSource" + }, + "type": "array" + }, + "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\n", + "type": "string" + }, + "lifecycle": { + "$ref": "#/definitions/io.k8s.api.core.v1.Lifecycle", + "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated." + }, + "livenessProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe", + "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + }, + "name": { + "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", + "type": "string" + }, + "ports": { + "description": "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerPort" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "containerPort", + "x-kubernetes-patch-strategy": "merge" + }, + "readinessProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe", + "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements", + "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + }, + "securityContext": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext", + "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" + }, + "startupProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe", + "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\n", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeDevice" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "devicePath", + "x-kubernetes-patch-strategy": "merge" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" + }, + "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ContainerPort": { + "additionalProperties": false, + "description": "ContainerPort represents a network port in a single container.", + "properties": { + "containerPort": { + "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.", + "format": "int32", + "type": "integer" + }, + "hostIP": { + "description": "What host IP to bind the external port to.", + "type": "string" + }, + "hostPort": { + "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", + "type": "string" + }, + "protocol": { + "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".\n\n", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIProjection": { + "additionalProperties": false, + "description": "Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.", + "properties": { + "items": { + "description": "Items is a list of DownwardAPIVolume file", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeFile" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIVolumeFile": { + "additionalProperties": false, + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "properties": { + "fieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectFieldSelector", + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": "string" + }, + "resourceFieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceFieldSelector", + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIVolumeSource": { + "additionalProperties": false, + "description": "DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.", + "properties": { + "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "Items is a list of downward API volume file", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeFile" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EmptyDirVolumeSource": { + "additionalProperties": false, + "description": "Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.", + "properties": { + "medium": { + "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "type": "string" + }, + "sizeLimit": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EnvFromSource": { + "additionalProperties": false, + "description": "EnvFromSource represents the source of a set of ConfigMaps", + "properties": { + "configMapRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapEnvSource", + "description": "The ConfigMap to select from" + }, + "prefix": { + "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretEnvSource", + "description": "The Secret to select from" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EnvVar": { + "additionalProperties": false, + "description": "EnvVar represents an environment variable present in a Container.", + "properties": { + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", + "type": "string" + }, + "valueFrom": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVarSource", + "description": "Source for the environment variable's value. Cannot be used if value is not empty." + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.EnvVarSource": { + "additionalProperties": false, + "description": "EnvVarSource represents a source for the value of an EnvVar.", + "properties": { + "configMapKeyRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapKeySelector", + "description": "Selects a key of a ConfigMap." + }, + "fieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectFieldSelector", + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + }, + "resourceFieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceFieldSelector", + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + }, + "secretKeyRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "Selects a key of a secret in the pod's namespace" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EphemeralVolumeSource": { + "additionalProperties": false, + "description": "Represents an ephemeral volume that is handled by a normal storage driver.", + "properties": { + "volumeClaimTemplate": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimTemplate", + "description": "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `\u003cpod name\u003e-\u003cvolume name\u003e` where `\u003cvolume name\u003e` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.\n\nRequired, must not be nil." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ExecAction": { + "additionalProperties": false, + "description": "ExecAction describes a \"run in container\" action.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.FCVolumeSource": { + "additionalProperties": false, + "description": "Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "lun": { + "description": "lun is Optional: FC target lun number", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", + "items": { + "type": "string" + }, + "type": "array" + }, + "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.FlexVolumeSource": { + "additionalProperties": false, + "description": "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", + "properties": { + "driver": { + "description": "driver is the name of the driver to use for this volume.", + "type": "string" + }, + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "description": "options is Optional: this field holds extra command options if any.", + "type": "object" + }, + "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "io.k8s.api.core.v1.FlockerVolumeSource": { + "additionalProperties": false, + "description": "Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.", + "properties": { + "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated", + "type": "string" + }, + "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.GCEPersistentDiskVolumeSource": { + "additionalProperties": false, + "description": "Represents a Persistent Disk resource in Google Compute Engine.\n\nA GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "format": "int32", + "type": "integer" + }, + "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GRPCAction": { + "additionalProperties": false, + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GitRepoVolumeSource": { + "additionalProperties": false, + "description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", + "properties": { + "directory": { + "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", + "type": "string" + }, + "repository": { + "description": "repository is the URL", + "type": "string" + }, + "revision": { + "description": "revision is the commit hash for the specified revision.", + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GlusterfsVolumeSource": { + "additionalProperties": false, + "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", + "properties": { + "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "path": { + "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HTTPGetAction": { + "additionalProperties": false, + "description": "HTTPGetAction describes an action based on HTTP Get requests.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPHeader" + }, + "type": "array" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + }, + "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.\n\n", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HTTPHeader": { + "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HostPathVolumeSource": { + "additionalProperties": false, + "description": "Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.", + "properties": { + "path": { + "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string" + }, + "type": { + "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ISCSIVolumeSource": { + "additionalProperties": false, + "description": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", + "properties": { + "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", + "type": "boolean" + }, + "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", + "type": "boolean" + }, + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", + "type": "string" + }, + "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", + "type": "string" + }, + "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", + "type": "string" + }, + "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", + "type": "string" + }, + "lun": { + "description": "lun represents iSCSI Target Lun number.", + "format": "int32", + "type": "integer" + }, + "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "items": { + "type": "string" + }, + "type": "array" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication" + }, + "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "type": "string" + } + }, + "required": [ + "targetPortal", + "iqn", + "lun" + ], + "type": "object" + }, + "io.k8s.api.core.v1.KeyToPath": { + "additionalProperties": false, + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Lifecycle": { + "additionalProperties": false, + "description": "Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.", + "properties": { + "postStart": { + "$ref": "#/definitions/io.k8s.api.core.v1.LifecycleHandler", + "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + }, + "preStop": { + "$ref": "#/definitions/io.k8s.api.core.v1.LifecycleHandler", + "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.LifecycleHandler": { + "additionalProperties": false, + "description": "LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.", + "properties": { + "exec": { + "$ref": "#/definitions/io.k8s.api.core.v1.ExecAction", + "description": "Exec specifies the action to take." + }, + "httpGet": { + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPGetAction", + "description": "HTTPGet specifies the http request to perform." + }, + "tcpSocket": { + "$ref": "#/definitions/io.k8s.api.core.v1.TCPSocketAction", + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.LocalObjectReference": { + "additionalProperties": false, + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "properties": { + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.NFSVolumeSource": { + "additionalProperties": false, + "description": "Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.", + "properties": { + "path": { + "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "boolean" + }, + "server": { + "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + } + }, + "required": [ + "server", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.NodeAffinity": { + "additionalProperties": false, + "description": "Node affinity is a group of node affinity scheduling rules.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PreferredSchedulingTerm" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelector", + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.NodeSelector": { + "additionalProperties": false, + "description": "A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorTerm" + }, + "type": "array" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.NodeSelectorRequirement": { + "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.\n\n", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "io.k8s.api.core.v1.NodeSelectorTerm": { + "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorRequirement" + }, + "type": "array" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorRequirement" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ObjectFieldSelector": { + "additionalProperties": false, + "description": "ObjectFieldSelector selects an APIVersioned field of an object.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimCondition": { + "additionalProperties": false, + "description": "PersistentVolumeClaimCondition contails details about state of pvc", + "properties": { + "lastProbeTime": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", + "description": "lastProbeTime is the time we probed the condition." + }, + "lastTransitionTime": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", + "description": "lastTransitionTime is the time the condition transitioned from one status to another." + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"ResizeStarted\" that means the underlying persistent volume is being resized.", + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type", + "status" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimSpec": { + "additionalProperties": false, + "description": "PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "$ref": "#/definitions/io.k8s.api.core.v1.TypedLocalObjectReference", + "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + }, + "dataSourceRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.TypedLocalObjectReference", + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements", + "description": "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "selector is a label query over volumes to consider for binding." + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimStatus": { + "additionalProperties": false, + "description": "PersistentVolumeClaimStatus is the current status of a persistent volume claim.", + "properties": { + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array" + }, + "allocatedResources": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimCondition" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.\n\n", + "type": "string" + }, + "resizeStatus": { + "description": "resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimTemplate": { + "additionalProperties": false, + "description": "PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.", + "properties": { + "metadata": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", + "description": "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation." + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec", + "description": "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource": { + "additionalProperties": false, + "description": "PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource": { + "additionalProperties": false, + "description": "Represents a Photon Controller persistent disk resource.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodAffinity": { + "additionalProperties": false, + "description": "Pod affinity is a group of inter pod affinity scheduling rules.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.WeightedPodAffinityTerm" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodAffinityTerm": { + "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "properties": { + "labelSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "A label query over a set of resources, in this case pods." + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodAntiAffinity": { + "additionalProperties": false, + "description": "Pod anti affinity is a group of inter pod anti affinity scheduling rules.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.WeightedPodAffinityTerm" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodSecurityContext": { + "additionalProperties": false, + "description": "PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.", + "properties": { + "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.SELinuxOptions", + "description": "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + }, + "seccompProfile": { + "$ref": "#/definitions/io.k8s.api.core.v1.SeccompProfile", + "description": "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows." + }, + "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Sysctl" + }, + "type": "array" + }, + "windowsOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.WindowsSecurityContextOptions", + "description": "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PortworxVolumeSource": { + "additionalProperties": false, + "description": "PortworxVolumeSource represents a Portworx volume resource.", + "properties": { + "fsType": { + "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PreferredSchedulingTerm": { + "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorTerm", + "description": "A node selector term, associated with the corresponding weight." + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "weight", + "preference" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Probe": { + "additionalProperties": false, + "description": "Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.", + "properties": { + "exec": { + "$ref": "#/definitions/io.k8s.api.core.v1.ExecAction", + "description": "Exec specifies the action to take." + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "$ref": "#/definitions/io.k8s.api.core.v1.GRPCAction", + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate." + }, + "httpGet": { + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPGetAction", + "description": "HTTPGet specifies the http request to perform." + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "$ref": "#/definitions/io.k8s.api.core.v1.TCPSocketAction", + "description": "TCPSocket specifies an action involving a TCP port." + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ProjectedVolumeSource": { + "additionalProperties": false, + "description": "Represents a projected volume source", + "properties": { + "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "sources": { + "description": "sources is the list of volume projections", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeProjection" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.QuobyteVolumeSource": { + "additionalProperties": false, + "description": "Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.", + "properties": { + "group": { + "description": "group to map volume access to Default is no group", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", + "type": "boolean" + }, + "registry": { + "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", + "type": "string" + }, + "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", + "type": "string" + }, + "user": { + "description": "user to map volume access to Defaults to serivceaccount user", + "type": "string" + }, + "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" + }, + "io.k8s.api.core.v1.RBDVolumeSource": { + "additionalProperties": false, + "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + "type": "string" + }, + "image": { + "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "keyring": { + "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "monitors": { + "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "items": { + "type": "string" + }, + "type": "array" + }, + "pool": { + "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + }, + "user": { + "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors", + "image" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ResourceFieldSelector": { + "additionalProperties": false, + "description": "ResourceFieldSelector represents container resources (cpu, memory) and their output format", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", + "description": "Specifies the output format of the exposed resources, defaults to \"1\"" + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ResourceRequirements": { + "additionalProperties": false, + "description": "ResourceRequirements describes the compute resource requirements.", + "properties": { + "limits": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SELinuxOptions": { + "additionalProperties": false, + "description": "SELinuxOptions are the labels to be applied to the container", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ScaleIOVolumeSource": { + "additionalProperties": false, + "description": "ScaleIOVolumeSource represents a persistent ScaleIO volume", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", + "type": "string" + }, + "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", + "type": "string" + }, + "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", + "type": "string" + }, + "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + }, + "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", + "type": "boolean" + }, + "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", + "type": "string" + }, + "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "type": "string" + }, + "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", + "type": "string" + } + }, + "required": [ + "gateway", + "system", + "secretRef" + ], + "type": "object" + }, + "io.k8s.api.core.v1.SeccompProfile": { + "additionalProperties": false, + "description": "SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied. Valid options are:\n\nLocalhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.\n\n", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "localhostProfile": "LocalhostProfile" + } + } + ] + }, + "io.k8s.api.core.v1.SecretEnvSource": { + "additionalProperties": false, + "description": "SecretEnvSource selects a Secret to populate the environment variables with.\n\nThe contents of the target Secret's Data field will represent the key-value pairs as environment variables.", + "properties": { + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecretKeySelector": { + "additionalProperties": false, + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.SecretProjection": { + "additionalProperties": false, + "description": "Adapts a secret into a projected volume.\n\nThe contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional field specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecretVolumeSource": { + "additionalProperties": false, + "description": "Adapts a Secret into a volume.\n\nThe contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", + "properties": { + "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecurityContext": { + "additionalProperties": false, + "description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.", + "properties": { + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "capabilities": { + "$ref": "#/definitions/io.k8s.api.core.v1.Capabilities", + "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + }, + "privileged": { + "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.SELinuxOptions", + "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + }, + "seccompProfile": { + "$ref": "#/definitions/io.k8s.api.core.v1.SeccompProfile", + "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod \u0026 container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + }, + "windowsOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.WindowsSecurityContextOptions", + "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ServiceAccountTokenProjection": { + "additionalProperties": false, + "description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).", + "properties": { + "audience": { + "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", + "type": "string" + }, + "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", + "format": "int64", + "type": "integer" + }, + "path": { + "description": "path is the path relative to the mount point of the file to project the token into.", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.StorageOSVolumeSource": { + "additionalProperties": false, + "description": "Represents a StorageOS persistent volume resource.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + }, + "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", + "type": "string" + }, + "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.Sysctl": { + "additionalProperties": false, + "description": "Sysctl defines a kernel parameter to be set", + "properties": { + "name": { + "description": "Name of a property to set", + "type": "string" + }, + "value": { + "description": "Value of a property to set", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "io.k8s.api.core.v1.TCPSocketAction": { + "additionalProperties": false, + "description": "TCPSocketAction describes an action based on opening a socket", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Toleration": { + "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n\n", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.\n\n", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.TopologySpreadConstraint": { + "additionalProperties": false, + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "properties": { + "labelSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain." + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "type": "string" + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.\n\n", + "type": "string" + } + }, + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "type": "object" + }, + "io.k8s.api.core.v1.TypedLocalObjectReference": { + "additionalProperties": false, + "description": "TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.Volume": { + "additionalProperties": false, + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", + "properties": { + "awsElasticBlockStore": { + "$ref": "#/definitions/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource", + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + }, + "azureDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.AzureDiskVolumeSource", + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + }, + "azureFile": { + "$ref": "#/definitions/io.k8s.api.core.v1.AzureFileVolumeSource", + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod." + }, + "cephfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.CephFSVolumeSource", + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + }, + "cinder": { + "$ref": "#/definitions/io.k8s.api.core.v1.CinderVolumeSource", + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + }, + "configMap": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapVolumeSource", + "description": "configMap represents a configMap that should populate this volume" + }, + "csi": { + "$ref": "#/definitions/io.k8s.api.core.v1.CSIVolumeSource", + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + }, + "downwardAPI": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeSource", + "description": "downwardAPI represents downward API about the pod that should populate this volume" + }, + "emptyDir": { + "$ref": "#/definitions/io.k8s.api.core.v1.EmptyDirVolumeSource", + "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + }, + "ephemeral": { + "$ref": "#/definitions/io.k8s.api.core.v1.EphemeralVolumeSource", + "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time." + }, + "fc": { + "$ref": "#/definitions/io.k8s.api.core.v1.FCVolumeSource", + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + }, + "flexVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.FlexVolumeSource", + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + }, + "flocker": { + "$ref": "#/definitions/io.k8s.api.core.v1.FlockerVolumeSource", + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + }, + "gcePersistentDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource", + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + }, + "gitRepo": { + "$ref": "#/definitions/io.k8s.api.core.v1.GitRepoVolumeSource", + "description": "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + }, + "glusterfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.GlusterfsVolumeSource", + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + }, + "hostPath": { + "$ref": "#/definitions/io.k8s.api.core.v1.HostPathVolumeSource", + "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + }, + "iscsi": { + "$ref": "#/definitions/io.k8s.api.core.v1.ISCSIVolumeSource", + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" + }, + "name": { + "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "nfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.NFSVolumeSource", + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + }, + "persistentVolumeClaim": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource", + "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + }, + "photonPersistentDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource", + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + }, + "portworxVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.PortworxVolumeSource", + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" + }, + "projected": { + "$ref": "#/definitions/io.k8s.api.core.v1.ProjectedVolumeSource", + "description": "projected items for all in one resources secrets, configmaps, and downward API" + }, + "quobyte": { + "$ref": "#/definitions/io.k8s.api.core.v1.QuobyteVolumeSource", + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + }, + "rbd": { + "$ref": "#/definitions/io.k8s.api.core.v1.RBDVolumeSource", + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + }, + "scaleIO": { + "$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOVolumeSource", + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + }, + "secret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretVolumeSource", + "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + }, + "storageos": { + "$ref": "#/definitions/io.k8s.api.core.v1.StorageOSVolumeSource", + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + }, + "vsphereVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource", + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeDevice": { + "additionalProperties": false, + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "properties": { + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", + "type": "string" + }, + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", + "type": "string" + } + }, + "required": [ + "name", + "devicePath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeMount": { + "additionalProperties": false, + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + "type": "boolean" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } + }, + "required": [ + "name", + "mountPath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeProjection": { + "additionalProperties": false, + "description": "Projection that may be projected along with other supported volume types", + "properties": { + "configMap": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapProjection", + "description": "configMap information about the configMap data to project" + }, + "downwardAPI": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIProjection", + "description": "downwardAPI information about the downwardAPI data to project" + }, + "secret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretProjection", + "description": "secret information about the secret data to project" + }, + "serviceAccountToken": { + "$ref": "#/definitions/io.k8s.api.core.v1.ServiceAccountTokenProjection", + "description": "serviceAccountToken is information about the serviceAccountToken data to project" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource": { + "additionalProperties": false, + "description": "Represents a vSphere volume resource.", + "properties": { + "fsType": { + "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", + "type": "string" + }, + "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", + "type": "string" + }, + "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", + "type": "string" + } + }, + "required": [ + "volumePath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.WeightedPodAffinityTerm": { + "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm", + "description": "Required. A pod affinity term, associated with the corresponding weight." + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "weight", + "podAffinityTerm" + ], + "type": "object" + }, + "io.k8s.api.core.v1.WindowsSecurityContextOptions": { + "additionalProperties": false, + "description": "WindowsSecurityContextOptions contain Windows-specific options and credentials.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON": { + "description": "JSON represents any valid JSON value. These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil." + }, + "io.k8s.apimachinery.pkg.api.resource.Quantity": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1": { + "description": "FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.\n\nEach key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:\u003cname\u003e', where \u003cname\u003e is the name of a field in a struct, or key in a map 'v:\u003cvalue\u003e', where \u003cvalue\u003e is the exact json formatted value of a list item 'i:\u003cindex\u003e', where \u003cindex\u003e is position of a item in a list 'k:\u003ckeys\u003e', where \u003ckeys\u003e is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set.\n\nThe exact format is defined in sigs.k8s.io/structured-merge-diff", + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector": { + "additionalProperties": false, + "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement", + "default": {} + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { + "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "default": "", + "description": "key is the label key that the selector applies to.", + "type": "string", + "x-kubernetes-patch-merge-key": "key", + "x-kubernetes-patch-strategy": "merge" + }, + "operator": { + "default": "", + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry": { + "additionalProperties": false, + "description": "ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource that the fieldset applies to.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the version of this resource that this field set applies to. The format is \"group/version\" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.", + "type": "string" + }, + "fieldsType": { + "description": "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"", + "type": "string" + }, + "fieldsV1": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1", + "description": "FieldsV1 holds the first JSON version format as described in the \"FieldsV1\" type." + }, + "manager": { + "description": "Manager is an identifier of the workflow managing these fields.", + "type": "string" + }, + "operation": { + "description": "Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.", + "type": "string" + }, + "subresource": { + "description": "Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.", + "type": "string" + }, + "time": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", + "description": "Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over." + } + }, + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta": { + "additionalProperties": false, + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "creationTimestamp": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", + "default": {}, + "description": "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "deletionGracePeriodSeconds": { + "description": "Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.", + "format": "int64", + "type": "integer" + }, + "deletionTimestamp": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", + "description": "DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "finalizers": { + "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-patch-strategy": "merge" + }, + "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will return a 409.\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", + "type": "string" + }, + "generation": { + "description": "A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.", + "format": "int64", + "type": "integer" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" + }, + "managedFields": { + "description": "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object.", + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry", + "default": {} + }, + "type": "array" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "namespace": { + "description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", + "type": "string" + }, + "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference", + "default": {} + }, + "type": "array", + "x-kubernetes-patch-merge-key": "uid", + "x-kubernetes-patch-strategy": "merge" + }, + "resourceVersion": { + "description": "An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "selfLink": { + "description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.", + "type": "string" + }, + "uid": { + "description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference": { + "additionalProperties": false, + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", + "properties": { + "apiVersion": { + "default": "", + "description": "API version of the referent.", + "type": "string" + }, + "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", + "type": "boolean" + }, + "controller": { + "description": "If true, this reference points to the managing controller.", + "type": "boolean" + }, + "kind": { + "default": "", + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "uid": { + "default": "", + "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", + "type": "string" + } + }, + "required": [ + "apiVersion", + "kind", + "name", + "uid" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Time": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "format": "date-time", + "type": "string" + }, + "io.k8s.apimachinery.pkg.util.intstr.IntOrString": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ] + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Alertmanager": { + "additionalProperties": false, + "description": "Alertmanager describes an Alertmanager cluster.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerSpec", + "default": {}, + "description": "Specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor": { + "additionalProperties": false, + "description": "PodMonitor defines monitoring for a set of pods.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitorSpec", + "default": {}, + "description": "Specification of desired Pod selection for target discovery by Prometheus." + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Probe": { + "additionalProperties": false, + "description": "Probe defines monitoring for a set of static targets or ingresses.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeSpec", + "default": {}, + "description": "Specification of desired Ingress selection for target discovery by Prometheus." + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Prometheus": { + "additionalProperties": false, + "description": "Prometheus defines a Prometheus deployment.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusSpec", + "default": {}, + "description": "Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule": { + "additionalProperties": false, + "description": "PrometheusRule defines recording and alerting rules for a Prometheus instance", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRuleSpec", + "default": {}, + "description": "Specification of desired alerting rule definitions for Prometheus." + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ServiceMonitor": { + "additionalProperties": false, + "description": "ServiceMonitor defines monitoring for a set of services.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ServiceMonitorSpec", + "default": {}, + "description": "Specification of desired Service selection for target discovery by Prometheus." + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosRuler": { + "additionalProperties": false, + "description": "ThanosRuler defines a ThanosRuler deployment.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosRulerSpec", + "default": {}, + "description": "Specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig": { + "additionalProperties": false, + "description": "AlertmanagerConfig defines a namespaced AlertmanagerConfig to be aggregated across multiple namespaces configuring one Alertmanager cluster.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfigSpec", + "default": {} + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.meta.v1.ObjectMeta": { + "additionalProperties": false, + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "checksums": { + "$ref": "#/definitions/metachart.interface.checksums" + }, + "finalizers": { + "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-patch-strategy": "merge" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "namespace": { + "description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", + "type": "string" + } + }, + "type": "object" + }, + "metachart.interface.FQDNitem": { + "pattern": "^[a-z][0-9a-z]*(-[0-9a-z]+)*$", + "type": "string" + }, + "metachart.interface.boolean": { + "type": "boolean" + }, + "metachart.interface.checksumEntryList": { + "anyOf": [ + { + "items": { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + "type": "array" + }, + { + "enum": [ + "*" + ] + } + ] + }, + "metachart.interface.checksums": { + "properties": { + "alertmanagerconfigs": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "alertmanagers": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "podmonitors": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "probes": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "prometheuses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "prometheusrules": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "servicemonitors": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "thanosrulers": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + } + }, + "type": "object" + } + }, + "properties": { + "alertmanagerconfigs": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig" + } + }, + "type": "object" + }, + "alertmanagers": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Alertmanager" + } + }, + "type": "object" + }, + "context": { + "description": "Any content which can be used for config rendering without schema defined by the chart", + "type": "object" + }, + "fullnameOverride": { + "anyOf": [ + { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + { + "type": "null" + } + ] + }, + "podmonitors": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor" + } + }, + "type": "object" + }, + "probes": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Probe" + } + }, + "type": "object" + }, + "prometheuses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Prometheus" + } + }, + "type": "object" + }, + "prometheusrules": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule" + } + }, + "type": "object" + }, + "servicemonitors": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ServiceMonitor" + } + }, + "type": "object" + }, + "settings": { + "additionalProperties": false, + "properties": { + "alertmanagerconfigs": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "alertmanagers": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Alertmanager" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "global": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "podmonitors": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "probes": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Probe" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "prometheuses": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Prometheus" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "prometheusrules": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "servicemonitors": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ServiceMonitor" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "thanosrulers": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosRuler" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "thanosrulers": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosRuler" + } + }, + "type": "object" + } + } +} \ No newline at end of file diff --git a/charts/meta-prometheus-operator/values.schema.json b/charts/meta-prometheus-operator/values.schema.json new file mode 100644 index 0000000..b543055 --- /dev/null +++ b/charts/meta-prometheus-operator/values.schema.json @@ -0,0 +1,5805 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": { + "com.coreos.monitoring.pkg.apis.monitoring.v1.APIServerConfig": { + "additionalProperties": false, + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Authorization" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth" + }, + "bearerToken": { + "type": "string" + }, + "bearerTokenFile": { + "type": "string" + }, + "host": { + "default": "", + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig" + } + }, + "required": [ + "host" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.AlertingSpec": { + "additionalProperties": false, + "properties": { + "alertmanagers": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerEndpoints", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "alertmanagers" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerConfiguration": { + "additionalProperties": false, + "properties": { + "global": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerGlobalConfig" + }, + "name": { + "type": "string" + }, + "templates": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerEndpoints": { + "additionalProperties": false, + "properties": { + "apiVersion": { + "type": "string" + }, + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization" + }, + "bearerTokenFile": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "namespace": { + "default": "", + "type": "string" + }, + "pathPrefix": { + "type": "string" + }, + "port": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "default": {} + }, + "scheme": { + "type": "string" + }, + "timeout": { + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig" + } + }, + "required": [ + "namespace", + "name", + "port" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerGlobalConfig": { + "additionalProperties": false, + "properties": { + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.HTTPConfig" + }, + "resolveTimeout": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerSpec": { + "additionalProperties": false, + "properties": { + "additionalPeers": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "affinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.Affinity" + }, + "alertmanagerConfigNamespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "alertmanagerConfigSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "alertmanagerConfiguration": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerConfiguration" + }, + "baseImage": { + "type": "string" + }, + "clusterAdvertiseAddress": { + "type": "string" + }, + "clusterGossipInterval": { + "type": "string" + }, + "clusterPeerTimeout": { + "type": "string" + }, + "clusterPushpullInterval": { + "type": "string" + }, + "configMaps": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "configSecret": { + "type": "string" + }, + "containers": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Container", + "default": {} + }, + "type": "array" + }, + "externalUrl": { + "type": "string" + }, + "forceEnableClusterMode": { + "type": "boolean" + }, + "hostAliases": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.HostAlias", + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map" + }, + "image": { + "type": "string" + }, + "imagePullSecrets": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "default": {} + }, + "type": "array" + }, + "initContainers": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Container", + "default": {} + }, + "type": "array" + }, + "listenLocal": { + "type": "boolean" + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "minReadySeconds": { + "format": "int64", + "type": "integer" + }, + "nodeSelector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "paused": { + "type": "boolean" + }, + "podMetadata": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.EmbeddedObjectMetadata" + }, + "portName": { + "type": "string" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "format": "int32", + "type": "integer" + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements", + "default": {} + }, + "retention": { + "type": "string" + }, + "routePrefix": { + "type": "string" + }, + "secrets": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "securityContext": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodSecurityContext" + }, + "serviceAccountName": { + "type": "string" + }, + "sha": { + "type": "string" + }, + "storage": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.StorageSpec" + }, + "tag": { + "type": "string" + }, + "tolerations": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration", + "default": {} + }, + "type": "array" + }, + "topologySpreadConstraints": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint", + "default": {} + }, + "type": "array" + }, + "version": { + "type": "string" + }, + "volumeMounts": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount", + "default": {} + }, + "type": "array" + }, + "volumes": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Volume", + "default": {} + }, + "type": "array" + }, + "web": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerWebSpec" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerWebSpec": { + "additionalProperties": false, + "properties": { + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.WebHTTPConfig" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.WebTLSConfig" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ArbitraryFSAccessThroughSMsConfig": { + "additionalProperties": false, + "properties": { + "deny": { + "type": "boolean" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Argument": { + "additionalProperties": false, + "properties": { + "name": { + "default": "", + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.AttachMetadata": { + "additionalProperties": false, + "properties": { + "node": { + "type": "boolean" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Authorization": { + "additionalProperties": false, + "properties": { + "credentials": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "credentialsFile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth": { + "additionalProperties": false, + "properties": { + "password": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {} + }, + "username": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.EmbeddedObjectMetadata": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.EmbeddedPersistentVolumeClaim": { + "additionalProperties": false, + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.EmbeddedObjectMetadata", + "default": {} + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec", + "default": {} + }, + "status": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimStatus", + "default": {} + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Endpoint": { + "additionalProperties": false, + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth" + }, + "bearerTokenFile": { + "type": "string" + }, + "bearerTokenSecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {} + }, + "enableHttp2": { + "type": "boolean" + }, + "followRedirects": { + "type": "boolean" + }, + "honorLabels": { + "type": "boolean" + }, + "honorTimestamps": { + "type": "boolean" + }, + "interval": { + "type": "string" + }, + "metricRelabelings": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2" + }, + "params": { + "additionalProperties": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "port": { + "type": "string" + }, + "proxyUrl": { + "type": "string" + }, + "relabelings": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "scheme": { + "type": "string" + }, + "scrapeTimeout": { + "type": "string" + }, + "targetPort": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Exemplars": { + "additionalProperties": false, + "properties": { + "maxSize": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.HTTPConfig": { + "additionalProperties": false, + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth" + }, + "bearerTokenSecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "followRedirects": { + "type": "boolean" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2" + }, + "proxyURL": { + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeTLSConfig" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.HostAlias": { + "additionalProperties": false, + "properties": { + "hostnames": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "ip": { + "default": "", + "type": "string" + } + }, + "required": [ + "ip", + "hostnames" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.MetadataConfig": { + "additionalProperties": false, + "properties": { + "send": { + "type": "boolean" + }, + "sendInterval": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.NamespaceSelector": { + "additionalProperties": false, + "properties": { + "any": { + "type": "boolean" + }, + "matchNames": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2": { + "additionalProperties": false, + "properties": { + "clientId": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "clientSecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {} + }, + "endpointParams": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "scopes": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "tokenUrl": { + "default": "", + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ObjectReference": { + "additionalProperties": false, + "properties": { + "group": { + "default": "", + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "default": "", + "type": "string" + }, + "resource": { + "default": "", + "type": "string" + } + }, + "required": [ + "resource", + "namespace" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpoint": { + "additionalProperties": false, + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth" + }, + "bearerTokenSecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {} + }, + "enableHttp2": { + "type": "boolean" + }, + "filterRunning": { + "type": "boolean" + }, + "followRedirects": { + "type": "boolean" + }, + "honorLabels": { + "type": "boolean" + }, + "honorTimestamps": { + "type": "boolean" + }, + "interval": { + "type": "string" + }, + "metricRelabelings": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2" + }, + "params": { + "additionalProperties": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "port": { + "type": "string" + }, + "proxyUrl": { + "type": "string" + }, + "relabelings": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "scheme": { + "type": "string" + }, + "scrapeTimeout": { + "type": "string" + }, + "targetPort": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpointTLSConfig" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpointTLSConfig": { + "additionalProperties": false, + "properties": { + "ca": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "cert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "insecureSkipVerify": { + "type": "boolean" + }, + "keySecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "serverName": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitorSpec": { + "additionalProperties": false, + "properties": { + "attachMetadata": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AttachMetadata" + }, + "jobLabel": { + "type": "string" + }, + "labelLimit": { + "format": "int64", + "type": "integer" + }, + "labelNameLengthLimit": { + "format": "int64", + "type": "integer" + }, + "labelValueLengthLimit": { + "format": "int64", + "type": "integer" + }, + "namespaceSelector": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.NamespaceSelector", + "default": {} + }, + "podMetricsEndpoints": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpoint", + "default": {} + }, + "type": "array" + }, + "podTargetLabels": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "sampleLimit": { + "format": "int64", + "type": "integer" + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "default": {} + }, + "targetLimit": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "podMetricsEndpoints", + "selector" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeSpec": { + "additionalProperties": false, + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth" + }, + "bearerTokenSecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {} + }, + "interval": { + "type": "string" + }, + "jobName": { + "type": "string" + }, + "labelLimit": { + "format": "int64", + "type": "integer" + }, + "labelNameLengthLimit": { + "format": "int64", + "type": "integer" + }, + "labelValueLengthLimit": { + "format": "int64", + "type": "integer" + }, + "metricRelabelings": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "module": { + "type": "string" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2" + }, + "prober": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ProberSpec", + "default": {} + }, + "sampleLimit": { + "format": "int64", + "type": "integer" + }, + "scrapeTimeout": { + "type": "string" + }, + "targetLimit": { + "format": "int64", + "type": "integer" + }, + "targets": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTargets", + "default": {} + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTLSConfig" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTLSConfig": { + "additionalProperties": false, + "properties": { + "ca": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "cert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "insecureSkipVerify": { + "type": "boolean" + }, + "keySecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "serverName": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTargetIngress": { + "additionalProperties": false, + "properties": { + "namespaceSelector": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.NamespaceSelector", + "default": {} + }, + "relabelingConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "default": {} + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTargetStaticConfig": { + "additionalProperties": false, + "properties": { + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "relabelingConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "static": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTargets": { + "additionalProperties": false, + "properties": { + "ingress": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTargetIngress" + }, + "staticConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeTargetStaticConfig" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ProberSpec": { + "additionalProperties": false, + "properties": { + "path": { + "type": "string" + }, + "proxyUrl": { + "type": "string" + }, + "scheme": { + "type": "string" + }, + "url": { + "default": "", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRuleExcludeConfig": { + "additionalProperties": false, + "properties": { + "ruleName": { + "default": "", + "type": "string" + }, + "ruleNamespace": { + "default": "", + "type": "string" + } + }, + "required": [ + "ruleNamespace", + "ruleName" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRuleSpec": { + "additionalProperties": false, + "properties": { + "groups": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RuleGroup", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusSpec": { + "additionalProperties": false, + "properties": { + "additionalAlertManagerConfigs": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "additionalAlertRelabelConfigs": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "additionalArgs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Argument", + "default": {} + }, + "type": "array" + }, + "additionalScrapeConfigs": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "affinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.Affinity" + }, + "alerting": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AlertingSpec" + }, + "allowOverlappingBlocks": { + "type": "boolean" + }, + "apiserverConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.APIServerConfig" + }, + "arbitraryFSAccessThroughSMs": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ArbitraryFSAccessThroughSMsConfig", + "default": {} + }, + "baseImage": { + "type": "string" + }, + "configMaps": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "containers": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Container", + "default": {} + }, + "type": "array" + }, + "disableCompaction": { + "type": "boolean" + }, + "enableAdminAPI": { + "type": "boolean" + }, + "enableFeatures": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "enableRemoteWriteReceiver": { + "type": "boolean" + }, + "enforcedBodySizeLimit": { + "type": "string" + }, + "enforcedLabelLimit": { + "format": "int64", + "type": "integer" + }, + "enforcedLabelNameLengthLimit": { + "format": "int64", + "type": "integer" + }, + "enforcedLabelValueLengthLimit": { + "format": "int64", + "type": "integer" + }, + "enforcedNamespaceLabel": { + "type": "string" + }, + "enforcedSampleLimit": { + "format": "int64", + "type": "integer" + }, + "enforcedTargetLimit": { + "format": "int64", + "type": "integer" + }, + "evaluationInterval": { + "type": "string" + }, + "excludedFromEnforcement": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ObjectReference", + "default": {} + }, + "type": "array" + }, + "exemplars": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Exemplars" + }, + "externalLabels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "externalUrl": { + "type": "string" + }, + "hostAliases": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.HostAlias", + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map" + }, + "hostNetwork": { + "type": "boolean" + }, + "ignoreNamespaceSelectors": { + "type": "boolean" + }, + "image": { + "type": "string" + }, + "imagePullSecrets": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "default": {} + }, + "type": "array" + }, + "initContainers": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Container", + "default": {} + }, + "type": "array" + }, + "listenLocal": { + "type": "boolean" + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "minReadySeconds": { + "format": "int64", + "type": "integer" + }, + "nodeSelector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "overrideHonorLabels": { + "type": "boolean" + }, + "overrideHonorTimestamps": { + "type": "boolean" + }, + "paused": { + "type": "boolean" + }, + "podMetadata": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.EmbeddedObjectMetadata" + }, + "podMonitorNamespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "podMonitorSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "portName": { + "type": "string" + }, + "priorityClassName": { + "type": "string" + }, + "probeNamespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "probeSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "prometheusExternalLabelName": { + "type": "string" + }, + "prometheusRulesExcludedFromEnforce": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRuleExcludeConfig", + "default": {} + }, + "type": "array" + }, + "query": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.QuerySpec" + }, + "queryLogFile": { + "type": "string" + }, + "remoteRead": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RemoteReadSpec", + "default": {} + }, + "type": "array" + }, + "remoteWrite": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RemoteWriteSpec", + "default": {} + }, + "type": "array" + }, + "replicaExternalLabelName": { + "type": "string" + }, + "replicas": { + "format": "int32", + "type": "integer" + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements", + "default": {} + }, + "retention": { + "type": "string" + }, + "retentionSize": { + "type": "string" + }, + "routePrefix": { + "type": "string" + }, + "ruleNamespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "ruleSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "rules": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Rules", + "default": {} + }, + "scrapeInterval": { + "type": "string" + }, + "scrapeTimeout": { + "type": "string" + }, + "secrets": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "securityContext": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodSecurityContext" + }, + "serviceAccountName": { + "type": "string" + }, + "serviceMonitorNamespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "serviceMonitorSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "sha": { + "type": "string" + }, + "shards": { + "format": "int32", + "type": "integer" + }, + "storage": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.StorageSpec" + }, + "tag": { + "type": "string" + }, + "thanos": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosSpec" + }, + "tolerations": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration", + "default": {} + }, + "type": "array" + }, + "topologySpreadConstraints": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint", + "default": {} + }, + "type": "array" + }, + "tsdb": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TSDBSpec", + "default": {} + }, + "version": { + "type": "string" + }, + "volumeMounts": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount", + "default": {} + }, + "type": "array" + }, + "volumes": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Volume", + "default": {} + }, + "type": "array" + }, + "walCompression": { + "type": "boolean" + }, + "web": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusWebSpec" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusWebSpec": { + "additionalProperties": false, + "properties": { + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.WebHTTPConfig" + }, + "pageTitle": { + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.WebTLSConfig" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.QuerySpec": { + "additionalProperties": false, + "properties": { + "lookbackDelta": { + "type": "string" + }, + "maxConcurrency": { + "format": "int32", + "type": "integer" + }, + "maxSamples": { + "format": "int32", + "type": "integer" + }, + "timeout": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.QueueConfig": { + "additionalProperties": false, + "properties": { + "batchSendDeadline": { + "type": "string" + }, + "capacity": { + "format": "int32", + "type": "integer" + }, + "maxBackoff": { + "type": "string" + }, + "maxRetries": { + "format": "int32", + "type": "integer" + }, + "maxSamplesPerSend": { + "format": "int32", + "type": "integer" + }, + "maxShards": { + "format": "int32", + "type": "integer" + }, + "minBackoff": { + "type": "string" + }, + "minShards": { + "format": "int32", + "type": "integer" + }, + "retryOnRateLimit": { + "type": "boolean" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig": { + "additionalProperties": false, + "properties": { + "action": { + "type": "string" + }, + "modulus": { + "format": "int64", + "type": "integer" + }, + "regex": { + "type": "string" + }, + "replacement": { + "type": "string" + }, + "separator": { + "type": "string" + }, + "sourceLabels": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.RemoteReadSpec": { + "additionalProperties": false, + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Authorization" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth" + }, + "bearerToken": { + "type": "string" + }, + "bearerTokenFile": { + "type": "string" + }, + "headers": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2" + }, + "proxyUrl": { + "type": "string" + }, + "readRecent": { + "type": "boolean" + }, + "remoteTimeout": { + "type": "string" + }, + "requiredMatchers": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig" + }, + "url": { + "default": "", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.RemoteWriteSpec": { + "additionalProperties": false, + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Authorization" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth" + }, + "bearerToken": { + "type": "string" + }, + "bearerTokenFile": { + "type": "string" + }, + "headers": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "metadataConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.MetadataConfig" + }, + "name": { + "type": "string" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2" + }, + "proxyUrl": { + "type": "string" + }, + "queueConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.QueueConfig" + }, + "remoteTimeout": { + "type": "string" + }, + "sendExemplars": { + "type": "boolean" + }, + "sigv4": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Sigv4" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig" + }, + "url": { + "default": "", + "type": "string" + }, + "writeRelabelConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Rule": { + "additionalProperties": false, + "properties": { + "alert": { + "type": "string" + }, + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "expr": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "default": {} + }, + "for": { + "type": "string" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "record": { + "type": "string" + } + }, + "required": [ + "expr" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.RuleGroup": { + "additionalProperties": false, + "properties": { + "interval": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "partial_response_strategy": { + "type": "string" + }, + "rules": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Rule", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "name", + "rules" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Rules": { + "additionalProperties": false, + "properties": { + "alert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RulesAlert", + "default": {} + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.RulesAlert": { + "additionalProperties": false, + "properties": { + "forGracePeriod": { + "type": "string" + }, + "forOutageTolerance": { + "type": "string" + }, + "resendDelay": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization": { + "additionalProperties": false, + "properties": { + "credentials": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.SafeTLSConfig": { + "additionalProperties": false, + "properties": { + "ca": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "cert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "insecureSkipVerify": { + "type": "boolean" + }, + "keySecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "serverName": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap": { + "additionalProperties": false, + "properties": { + "configMap": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapKeySelector" + }, + "secret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ServiceMonitorSpec": { + "additionalProperties": false, + "properties": { + "endpoints": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Endpoint", + "default": {} + }, + "type": "array" + }, + "jobLabel": { + "type": "string" + }, + "labelLimit": { + "format": "int64", + "type": "integer" + }, + "labelNameLengthLimit": { + "format": "int64", + "type": "integer" + }, + "labelValueLengthLimit": { + "format": "int64", + "type": "integer" + }, + "namespaceSelector": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.NamespaceSelector", + "default": {} + }, + "podTargetLabels": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "sampleLimit": { + "format": "int64", + "type": "integer" + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "default": {} + }, + "targetLabels": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "targetLimit": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "endpoints", + "selector" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Sigv4": { + "additionalProperties": false, + "properties": { + "accessKey": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "profile": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleArn": { + "type": "string" + }, + "secretKey": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.StorageSpec": { + "additionalProperties": false, + "properties": { + "disableMountSubPath": { + "type": "boolean" + }, + "emptyDir": { + "$ref": "#/definitions/io.k8s.api.core.v1.EmptyDirVolumeSource" + }, + "ephemeral": { + "$ref": "#/definitions/io.k8s.api.core.v1.EphemeralVolumeSource" + }, + "volumeClaimTemplate": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.EmbeddedPersistentVolumeClaim", + "default": {} + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig": { + "additionalProperties": false, + "properties": { + "ca": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "caFile": { + "type": "string" + }, + "cert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "certFile": { + "type": "string" + }, + "insecureSkipVerify": { + "type": "boolean" + }, + "keyFile": { + "type": "string" + }, + "keySecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "serverName": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.TSDBSpec": { + "additionalProperties": false, + "properties": { + "outOfOrderTimeWindow": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosRulerSpec": { + "additionalProperties": false, + "properties": { + "affinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.Affinity" + }, + "alertDropLabels": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "alertQueryUrl": { + "type": "string" + }, + "alertRelabelConfigFile": { + "type": "string" + }, + "alertRelabelConfigs": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "alertmanagersConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "alertmanagersUrl": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "containers": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Container", + "default": {} + }, + "type": "array" + }, + "enforcedNamespaceLabel": { + "type": "string" + }, + "evaluationInterval": { + "type": "string" + }, + "excludedFromEnforcement": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ObjectReference", + "default": {} + }, + "type": "array" + }, + "externalPrefix": { + "type": "string" + }, + "grpcServerTlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig" + }, + "hostAliases": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.HostAlias", + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map" + }, + "image": { + "type": "string" + }, + "imagePullSecrets": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "default": {} + }, + "type": "array" + }, + "initContainers": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Container", + "default": {} + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "listenLocal": { + "type": "boolean" + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "minReadySeconds": { + "format": "int64", + "type": "integer" + }, + "nodeSelector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "objectStorageConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "objectStorageConfigFile": { + "type": "string" + }, + "paused": { + "type": "boolean" + }, + "podMetadata": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.EmbeddedObjectMetadata" + }, + "portName": { + "type": "string" + }, + "priorityClassName": { + "type": "string" + }, + "prometheusRulesExcludedFromEnforce": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRuleExcludeConfig", + "default": {} + }, + "type": "array" + }, + "queryConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "queryEndpoints": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "replicas": { + "format": "int32", + "type": "integer" + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements", + "default": {} + }, + "retention": { + "type": "string" + }, + "routePrefix": { + "type": "string" + }, + "ruleNamespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "ruleSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "securityContext": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodSecurityContext" + }, + "serviceAccountName": { + "type": "string" + }, + "storage": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.StorageSpec" + }, + "tolerations": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration", + "default": {} + }, + "type": "array" + }, + "topologySpreadConstraints": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint", + "default": {} + }, + "type": "array" + }, + "tracingConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "tracingConfigFile": { + "type": "string" + }, + "volumes": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Volume", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosSpec": { + "additionalProperties": false, + "properties": { + "additionalArgs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Argument", + "default": {} + }, + "type": "array" + }, + "baseImage": { + "type": "string" + }, + "grpcListenLocal": { + "type": "boolean" + }, + "grpcServerTlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.TLSConfig" + }, + "httpListenLocal": { + "type": "boolean" + }, + "image": { + "type": "string" + }, + "listenLocal": { + "type": "boolean" + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "minTime": { + "type": "string" + }, + "objectStorageConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "objectStorageConfigFile": { + "type": "string" + }, + "readyTimeout": { + "type": "string" + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements", + "default": {} + }, + "sha": { + "type": "string" + }, + "tag": { + "type": "string" + }, + "tracingConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "tracingConfigFile": { + "type": "string" + }, + "version": { + "type": "string" + }, + "volumeMounts": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.WebHTTPConfig": { + "additionalProperties": false, + "properties": { + "headers": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.WebHTTPHeaders" + }, + "http2": { + "type": "boolean" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.WebHTTPHeaders": { + "additionalProperties": false, + "properties": { + "contentSecurityPolicy": { + "type": "string" + }, + "strictTransportSecurity": { + "type": "string" + }, + "xContentTypeOptions": { + "type": "string" + }, + "xFrameOptions": { + "type": "string" + }, + "xXSSProtection": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.WebTLSConfig": { + "additionalProperties": false, + "properties": { + "cert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "cipherSuites": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "clientAuthType": { + "type": "string" + }, + "client_ca": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "curvePreferences": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "keySecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {} + }, + "maxVersion": { + "type": "string" + }, + "minVersion": { + "type": "string" + }, + "preferServerCipherSuites": { + "type": "boolean" + } + }, + "required": [ + "keySecret", + "cert" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfigSpec": { + "additionalProperties": false, + "properties": { + "inhibitRules": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.InhibitRule", + "default": {} + }, + "type": "array" + }, + "receivers": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Receiver", + "default": {} + }, + "type": "array" + }, + "route": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Route" + }, + "timeIntervals": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeInterval", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.DayOfMonthRange": { + "additionalProperties": false, + "properties": { + "end": { + "format": "int32", + "type": "integer" + }, + "start": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.EmailConfig": { + "additionalProperties": false, + "properties": { + "authIdentity": { + "type": "string" + }, + "authPassword": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "authSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "authUsername": { + "type": "string" + }, + "from": { + "type": "string" + }, + "headers": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "hello": { + "type": "string" + }, + "html": { + "type": "string" + }, + "requireTLS": { + "type": "boolean" + }, + "sendResolved": { + "type": "boolean" + }, + "smarthost": { + "type": "string" + }, + "text": { + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeTLSConfig" + }, + "to": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig": { + "additionalProperties": false, + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth" + }, + "bearerTokenSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "followRedirects": { + "type": "boolean" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2" + }, + "proxyURL": { + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeTLSConfig" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.InhibitRule": { + "additionalProperties": false, + "properties": { + "equal": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "sourceMatch": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher", + "default": {} + }, + "type": "array" + }, + "targetMatch": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string" + }, + "value": { + "default": "", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher": { + "additionalProperties": false, + "properties": { + "matchType": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "value": { + "default": "", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfig": { + "additionalProperties": false, + "properties": { + "actions": { + "type": "string" + }, + "apiKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "apiURL": { + "type": "string" + }, + "description": { + "type": "string" + }, + "details": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "entity": { + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "message": { + "type": "string" + }, + "note": { + "type": "string" + }, + "priority": { + "type": "string" + }, + "responders": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfigResponder", + "default": {} + }, + "type": "array" + }, + "sendResolved": { + "type": "boolean" + }, + "source": { + "type": "string" + }, + "tags": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfigResponder": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "type": { + "default": "", + "type": "string" + }, + "username": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyConfig": { + "additionalProperties": false, + "properties": { + "class": { + "type": "string" + }, + "client": { + "type": "string" + }, + "clientURL": { + "type": "string" + }, + "component": { + "type": "string" + }, + "description": { + "type": "string" + }, + "details": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "group": { + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "pagerDutyImageConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyImageConfig", + "default": {} + }, + "type": "array" + }, + "pagerDutyLinkConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyLinkConfig", + "default": {} + }, + "type": "array" + }, + "routingKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "sendResolved": { + "type": "boolean" + }, + "serviceKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "severity": { + "type": "string" + }, + "url": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyImageConfig": { + "additionalProperties": false, + "properties": { + "alt": { + "type": "string" + }, + "href": { + "type": "string" + }, + "src": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyLinkConfig": { + "additionalProperties": false, + "properties": { + "alt": { + "type": "string" + }, + "href": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PushoverConfig": { + "additionalProperties": false, + "properties": { + "expire": { + "type": "string" + }, + "html": { + "type": "boolean" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "message": { + "type": "string" + }, + "priority": { + "type": "string" + }, + "retry": { + "type": "string" + }, + "sendResolved": { + "type": "boolean" + }, + "sound": { + "type": "string" + }, + "title": { + "type": "string" + }, + "token": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "url": { + "type": "string" + }, + "urlTitle": { + "type": "string" + }, + "userKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Receiver": { + "additionalProperties": false, + "properties": { + "emailConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.EmailConfig", + "default": {} + }, + "type": "array" + }, + "name": { + "default": "", + "type": "string" + }, + "opsgenieConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfig", + "default": {} + }, + "type": "array" + }, + "pagerdutyConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyConfig", + "default": {} + }, + "type": "array" + }, + "pushoverConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PushoverConfig", + "default": {} + }, + "type": "array" + }, + "slackConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfig", + "default": {} + }, + "type": "array" + }, + "snsConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SNSConfig", + "default": {} + }, + "type": "array" + }, + "telegramConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TelegramConfig", + "default": {} + }, + "type": "array" + }, + "victoropsConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.VictorOpsConfig", + "default": {} + }, + "type": "array" + }, + "webhookConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WebhookConfig", + "default": {} + }, + "type": "array" + }, + "wechatConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WeChatConfig", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Route": { + "additionalProperties": false, + "properties": { + "continue": { + "type": "boolean" + }, + "groupBy": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "groupInterval": { + "type": "string" + }, + "groupWait": { + "type": "string" + }, + "matchers": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher", + "default": {} + }, + "type": "array" + }, + "muteTimeIntervals": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "receiver": { + "default": "", + "type": "string" + }, + "repeatInterval": { + "type": "string" + }, + "routes": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SNSConfig": { + "additionalProperties": false, + "properties": { + "apiURL": { + "type": "string" + }, + "attributes": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "message": { + "type": "string" + }, + "phoneNumber": { + "type": "string" + }, + "sendResolved": { + "type": "boolean" + }, + "sigv4": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Sigv4" + }, + "subject": { + "type": "string" + }, + "targetARN": { + "type": "string" + }, + "topicARN": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string" + }, + "name": { + "default": "", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackAction": { + "additionalProperties": false, + "properties": { + "confirm": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfirmationField" + }, + "name": { + "type": "string" + }, + "style": { + "type": "string" + }, + "text": { + "default": "", + "type": "string" + }, + "type": { + "default": "", + "type": "string" + }, + "url": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "type", + "text" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfig": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackAction", + "default": {} + }, + "type": "array" + }, + "apiURL": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "callbackId": { + "type": "string" + }, + "channel": { + "type": "string" + }, + "color": { + "type": "string" + }, + "fallback": { + "type": "string" + }, + "fields": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackField", + "default": {} + }, + "type": "array" + }, + "footer": { + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "iconEmoji": { + "type": "string" + }, + "iconURL": { + "type": "string" + }, + "imageURL": { + "type": "string" + }, + "linkNames": { + "type": "boolean" + }, + "mrkdwnIn": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "pretext": { + "type": "string" + }, + "sendResolved": { + "type": "boolean" + }, + "shortFields": { + "type": "boolean" + }, + "text": { + "type": "string" + }, + "thumbURL": { + "type": "string" + }, + "title": { + "type": "string" + }, + "titleLink": { + "type": "string" + }, + "username": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfirmationField": { + "additionalProperties": false, + "properties": { + "dismissText": { + "type": "string" + }, + "okText": { + "type": "string" + }, + "text": { + "default": "", + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackField": { + "additionalProperties": false, + "properties": { + "short": { + "type": "boolean" + }, + "title": { + "default": "", + "type": "string" + }, + "value": { + "default": "", + "type": "string" + } + }, + "required": [ + "title", + "value" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TelegramConfig": { + "additionalProperties": false, + "properties": { + "apiURL": { + "type": "string" + }, + "botToken": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "chatID": { + "format": "int64", + "type": "integer" + }, + "disableNotifications": { + "type": "boolean" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "message": { + "type": "string" + }, + "parseMode": { + "type": "string" + }, + "sendResolved": { + "type": "boolean" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeInterval": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "timeIntervals": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimePeriod", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimePeriod": { + "additionalProperties": false, + "properties": { + "daysOfMonth": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.DayOfMonthRange", + "default": {} + }, + "type": "array" + }, + "months": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "times": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeRange", + "default": {} + }, + "type": "array" + }, + "weekdays": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "years": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeRange": { + "additionalProperties": false, + "properties": { + "endTime": { + "type": "string" + }, + "startTime": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.VictorOpsConfig": { + "additionalProperties": false, + "properties": { + "apiKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "apiUrl": { + "type": "string" + }, + "customFields": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "entityDisplayName": { + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "messageType": { + "type": "string" + }, + "monitoringTool": { + "type": "string" + }, + "routingKey": { + "default": "", + "type": "string" + }, + "sendResolved": { + "type": "boolean" + }, + "stateMessage": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WeChatConfig": { + "additionalProperties": false, + "properties": { + "agentID": { + "type": "string" + }, + "apiSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "apiURL": { + "type": "string" + }, + "corpID": { + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "message": { + "type": "string" + }, + "messageType": { + "type": "string" + }, + "sendResolved": { + "type": "boolean" + }, + "toParty": { + "type": "string" + }, + "toTag": { + "type": "string" + }, + "toUser": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WebhookConfig": { + "additionalProperties": false, + "properties": { + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "maxAlerts": { + "format": "int32", + "type": "integer" + }, + "sendResolved": { + "type": "boolean" + }, + "url": { + "type": "string" + }, + "urlSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Affinity": { + "additionalProperties": false, + "properties": { + "nodeAffinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeAffinity" + }, + "podAffinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinity" + }, + "podAntiAffinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAntiAffinity" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.AzureDiskVolumeSource": { + "additionalProperties": false, + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "io.k8s.api.core.v1.AzureFileVolumeSource": { + "additionalProperties": false, + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CSIVolumeSource": { + "additionalProperties": false, + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Capabilities": { + "additionalProperties": false, + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.CephFSVolumeSource": { + "additionalProperties": false, + "properties": { + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "user": { + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CinderVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapEnvSource": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapKeySelector": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ConfigMapProjection": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapVolumeSource": { + "additionalProperties": false, + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.Container": { + "additionalProperties": false, + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "env": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "envFrom": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvFromSource" + }, + "type": "array" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "$ref": "#/definitions/io.k8s.api.core.v1.Lifecycle" + }, + "livenessProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerPort" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "containerPort", + "x-kubernetes-patch-strategy": "merge" + }, + "readinessProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + }, + "securityContext": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext" + }, + "startupProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeDevice" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "devicePath", + "x-kubernetes-patch-strategy": "merge" + }, + "volumeMounts": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ContainerPort": { + "additionalProperties": false, + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIProjection": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeFile" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIVolumeFile": { + "additionalProperties": false, + "properties": { + "fieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectFieldSelector" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceFieldSelector" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIVolumeSource": { + "additionalProperties": false, + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeFile" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EmptyDirVolumeSource": { + "additionalProperties": false, + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EnvFromSource": { + "additionalProperties": false, + "properties": { + "configMapRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapEnvSource" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretEnvSource" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EnvVar": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVarSource" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.EnvVarSource": { + "additionalProperties": false, + "properties": { + "configMapKeyRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapKeySelector" + }, + "fieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectFieldSelector" + }, + "resourceFieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceFieldSelector" + }, + "secretKeyRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EphemeralVolumeSource": { + "additionalProperties": false, + "properties": { + "volumeClaimTemplate": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimTemplate" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ExecAction": { + "additionalProperties": false, + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.FCVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "wwids": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.FlexVolumeSource": { + "additionalProperties": false, + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "io.k8s.api.core.v1.FlockerVolumeSource": { + "additionalProperties": false, + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.GCEPersistentDiskVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GRPCAction": { + "additionalProperties": false, + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GitRepoVolumeSource": { + "additionalProperties": false, + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GlusterfsVolumeSource": { + "additionalProperties": false, + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HTTPGetAction": { + "additionalProperties": false, + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPHeader" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "port": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HTTPHeader": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HostPathVolumeSource": { + "additionalProperties": false, + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ISCSIVolumeSource": { + "additionalProperties": false, + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "portals": { + "items": { + "type": "string" + }, + "type": "array" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "targetPortal": { + "type": "string" + } + }, + "required": [ + "targetPortal", + "iqn", + "lun" + ], + "type": "object" + }, + "io.k8s.api.core.v1.KeyToPath": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Lifecycle": { + "additionalProperties": false, + "properties": { + "postStart": { + "$ref": "#/definitions/io.k8s.api.core.v1.LifecycleHandler" + }, + "preStop": { + "$ref": "#/definitions/io.k8s.api.core.v1.LifecycleHandler" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.LifecycleHandler": { + "additionalProperties": false, + "properties": { + "exec": { + "$ref": "#/definitions/io.k8s.api.core.v1.ExecAction" + }, + "httpGet": { + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPGetAction" + }, + "tcpSocket": { + "$ref": "#/definitions/io.k8s.api.core.v1.TCPSocketAction" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.LocalObjectReference": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.NFSVolumeSource": { + "additionalProperties": false, + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "required": [ + "server", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.NodeAffinity": { + "additionalProperties": false, + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PreferredSchedulingTerm" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelector" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.NodeSelector": { + "additionalProperties": false, + "properties": { + "nodeSelectorTerms": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorTerm" + }, + "type": "array" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.NodeSelectorRequirement": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "io.k8s.api.core.v1.NodeSelectorTerm": { + "additionalProperties": false, + "properties": { + "matchExpressions": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorRequirement" + }, + "type": "array" + }, + "matchFields": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorRequirement" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ObjectFieldSelector": { + "additionalProperties": false, + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimCondition": { + "additionalProperties": false, + "properties": { + "lastProbeTime": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "lastTransitionTime": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type", + "status" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimSpec": { + "additionalProperties": false, + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "$ref": "#/definitions/io.k8s.api.core.v1.TypedLocalObjectReference" + }, + "dataSourceRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.TypedLocalObjectReference" + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "storageClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimStatus": { + "additionalProperties": false, + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "allocatedResources": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "type": "object" + }, + "capacity": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "type": "object" + }, + "conditions": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimCondition" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "phase": { + "type": "string" + }, + "resizeStatus": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimTemplate": { + "additionalProperties": false, + "properties": { + "metadata": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec" + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource": { + "additionalProperties": false, + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodAffinity": { + "additionalProperties": false, + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.WeightedPodAffinityTerm" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodAffinityTerm": { + "additionalProperties": false, + "properties": { + "labelSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodAntiAffinity": { + "additionalProperties": false, + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.WeightedPodAffinityTerm" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodSecurityContext": { + "additionalProperties": false, + "properties": { + "fsGroup": { + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "type": "string" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.SELinuxOptions" + }, + "seccompProfile": { + "$ref": "#/definitions/io.k8s.api.core.v1.SeccompProfile" + }, + "supplementalGroups": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "sysctls": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Sysctl" + }, + "type": "array" + }, + "windowsOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.WindowsSecurityContextOptions" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PortworxVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PreferredSchedulingTerm": { + "additionalProperties": false, + "properties": { + "preference": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorTerm" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "weight", + "preference" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Probe": { + "additionalProperties": false, + "properties": { + "exec": { + "$ref": "#/definitions/io.k8s.api.core.v1.ExecAction" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "$ref": "#/definitions/io.k8s.api.core.v1.GRPCAction" + }, + "httpGet": { + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPGetAction" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "$ref": "#/definitions/io.k8s.api.core.v1.TCPSocketAction" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ProjectedVolumeSource": { + "additionalProperties": false, + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "sources": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeProjection" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.QuobyteVolumeSource": { + "additionalProperties": false, + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" + }, + "io.k8s.api.core.v1.RBDVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "type": "string" + }, + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "pool": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "user": { + "type": "string" + } + }, + "required": [ + "monitors", + "image" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ResourceFieldSelector": { + "additionalProperties": false, + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ResourceRequirements": { + "additionalProperties": false, + "properties": { + "limits": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "type": "object" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SELinuxOptions": { + "additionalProperties": false, + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ScaleIOVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "required": [ + "gateway", + "system", + "secretRef" + ], + "type": "object" + }, + "io.k8s.api.core.v1.SeccompProfile": { + "additionalProperties": false, + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "localhostProfile": "LocalhostProfile" + } + } + ] + }, + "io.k8s.api.core.v1.SecretEnvSource": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecretKeySelector": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.SecretProjection": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecretVolumeSource": { + "additionalProperties": false, + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecurityContext": { + "additionalProperties": false, + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "$ref": "#/definitions/io.k8s.api.core.v1.Capabilities" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.SELinuxOptions" + }, + "seccompProfile": { + "$ref": "#/definitions/io.k8s.api.core.v1.SeccompProfile" + }, + "windowsOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.WindowsSecurityContextOptions" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ServiceAccountTokenProjection": { + "additionalProperties": false, + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "format": "int64", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.StorageOSVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.Sysctl": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "io.k8s.api.core.v1.TCPSocketAction": { + "additionalProperties": false, + "properties": { + "host": { + "type": "string" + }, + "port": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Toleration": { + "additionalProperties": false, + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "format": "int64", + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.TopologySpreadConstraint": { + "additionalProperties": false, + "properties": { + "labelSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "maxSkew": { + "format": "int32", + "type": "integer" + }, + "minDomains": { + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "type": "string" + }, + "nodeTaintsPolicy": { + "type": "string" + }, + "topologyKey": { + "type": "string" + }, + "whenUnsatisfiable": { + "type": "string" + } + }, + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "type": "object" + }, + "io.k8s.api.core.v1.TypedLocalObjectReference": { + "additionalProperties": false, + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.Volume": { + "additionalProperties": false, + "properties": { + "awsElasticBlockStore": { + "$ref": "#/definitions/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource" + }, + "azureDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.AzureDiskVolumeSource" + }, + "azureFile": { + "$ref": "#/definitions/io.k8s.api.core.v1.AzureFileVolumeSource" + }, + "cephfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.CephFSVolumeSource" + }, + "cinder": { + "$ref": "#/definitions/io.k8s.api.core.v1.CinderVolumeSource" + }, + "configMap": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapVolumeSource" + }, + "csi": { + "$ref": "#/definitions/io.k8s.api.core.v1.CSIVolumeSource" + }, + "downwardAPI": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeSource" + }, + "emptyDir": { + "$ref": "#/definitions/io.k8s.api.core.v1.EmptyDirVolumeSource" + }, + "ephemeral": { + "$ref": "#/definitions/io.k8s.api.core.v1.EphemeralVolumeSource" + }, + "fc": { + "$ref": "#/definitions/io.k8s.api.core.v1.FCVolumeSource" + }, + "flexVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.FlexVolumeSource" + }, + "flocker": { + "$ref": "#/definitions/io.k8s.api.core.v1.FlockerVolumeSource" + }, + "gcePersistentDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource" + }, + "gitRepo": { + "$ref": "#/definitions/io.k8s.api.core.v1.GitRepoVolumeSource" + }, + "glusterfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.GlusterfsVolumeSource" + }, + "hostPath": { + "$ref": "#/definitions/io.k8s.api.core.v1.HostPathVolumeSource" + }, + "iscsi": { + "$ref": "#/definitions/io.k8s.api.core.v1.ISCSIVolumeSource" + }, + "name": { + "type": "string" + }, + "nfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.NFSVolumeSource" + }, + "persistentVolumeClaim": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource" + }, + "photonPersistentDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource" + }, + "portworxVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.PortworxVolumeSource" + }, + "projected": { + "$ref": "#/definitions/io.k8s.api.core.v1.ProjectedVolumeSource" + }, + "quobyte": { + "$ref": "#/definitions/io.k8s.api.core.v1.QuobyteVolumeSource" + }, + "rbd": { + "$ref": "#/definitions/io.k8s.api.core.v1.RBDVolumeSource" + }, + "scaleIO": { + "$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOVolumeSource" + }, + "secret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretVolumeSource" + }, + "storageos": { + "$ref": "#/definitions/io.k8s.api.core.v1.StorageOSVolumeSource" + }, + "vsphereVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeDevice": { + "additionalProperties": false, + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "devicePath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeMount": { + "additionalProperties": false, + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "name", + "mountPath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeProjection": { + "additionalProperties": false, + "properties": { + "configMap": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapProjection" + }, + "downwardAPI": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIProjection" + }, + "secret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretProjection" + }, + "serviceAccountToken": { + "$ref": "#/definitions/io.k8s.api.core.v1.ServiceAccountTokenProjection" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "required": [ + "volumePath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.WeightedPodAffinityTerm": { + "additionalProperties": false, + "properties": { + "podAffinityTerm": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "weight", + "podAffinityTerm" + ], + "type": "object" + }, + "io.k8s.api.core.v1.WindowsSecurityContextOptions": { + "additionalProperties": false, + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON": {}, + "io.k8s.apimachinery.pkg.api.resource.Quantity": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1": { + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector": { + "additionalProperties": false, + "properties": { + "matchExpressions": { + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement", + "default": {} + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string", + "x-kubernetes-patch-merge-key": "key", + "x-kubernetes-patch-strategy": "merge" + }, + "operator": { + "default": "", + "type": "string" + }, + "values": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry": { + "additionalProperties": false, + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + }, + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "creationTimestamp": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", + "default": {} + }, + "deletionGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "deletionTimestamp": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "finalizers": { + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-patch-strategy": "merge" + }, + "generateName": { + "type": "string" + }, + "generation": { + "format": "int64", + "type": "integer" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "managedFields": { + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry", + "default": {} + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference", + "default": {} + }, + "type": "array", + "x-kubernetes-patch-merge-key": "uid", + "x-kubernetes-patch-strategy": "merge" + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference": { + "additionalProperties": false, + "properties": { + "apiVersion": { + "default": "", + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "default": "", + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "uid": { + "default": "", + "type": "string" + } + }, + "required": [ + "apiVersion", + "kind", + "name", + "uid" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Time": { + "format": "date-time", + "type": "string" + }, + "io.k8s.apimachinery.pkg.util.intstr.IntOrString": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ] + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Alertmanager": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AlertmanagerSpec", + "default": {} + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitorSpec", + "default": {} + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Probe": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ProbeSpec", + "default": {} + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Prometheus": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusSpec", + "default": {} + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRuleSpec", + "default": {} + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ServiceMonitor": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ServiceMonitorSpec", + "default": {} + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosRuler": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosRulerSpec", + "default": {} + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfigSpec", + "default": {} + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.meta.v1.ObjectMeta": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "checksums": { + "$ref": "#/definitions/metachart.interface.checksums" + }, + "finalizers": { + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-patch-strategy": "merge" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "metachart.interface.FQDNitem": { + "pattern": "^[a-z][0-9a-z]*(-[0-9a-z]+)*$", + "type": "string" + }, + "metachart.interface.boolean": { + "type": "boolean" + }, + "metachart.interface.checksumEntryList": { + "anyOf": [ + { + "items": { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + "type": "array" + }, + { + "enum": [ + "*" + ] + } + ] + }, + "metachart.interface.checksums": { + "properties": { + "alertmanagerconfigs": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "alertmanagers": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "podmonitors": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "probes": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "prometheuses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "prometheusrules": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "servicemonitors": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "thanosrulers": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + } + }, + "type": "object" + } + }, + "properties": { + "alertmanagerconfigs": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig" + } + }, + "type": "object" + }, + "alertmanagers": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Alertmanager" + } + }, + "type": "object" + }, + "context": { + "description": "Any content which can be used for config rendering without schema defined by the chart", + "type": "object" + }, + "fullnameOverride": { + "anyOf": [ + { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + { + "type": "null" + } + ] + }, + "podmonitors": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor" + } + }, + "type": "object" + }, + "probes": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Probe" + } + }, + "type": "object" + }, + "prometheuses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Prometheus" + } + }, + "type": "object" + }, + "prometheusrules": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule" + } + }, + "type": "object" + }, + "servicemonitors": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ServiceMonitor" + } + }, + "type": "object" + }, + "settings": { + "additionalProperties": false, + "properties": { + "alertmanagerconfigs": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "alertmanagers": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Alertmanager" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "global": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "podmonitors": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "probes": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Probe" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "prometheuses": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.Prometheus" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "prometheusrules": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "servicemonitors": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ServiceMonitor" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "thanosrulers": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosRuler" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "thanosrulers": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.ThanosRuler" + } + }, + "type": "object" + } + } +} \ No newline at end of file diff --git a/charts/meta-prometheus-operator/values.yaml b/charts/meta-prometheus-operator/values.yaml new file mode 100644 index 0000000..a4840db --- /dev/null +++ b/charts/meta-prometheus-operator/values.yaml @@ -0,0 +1,10 @@ +# context can be used to define any user-provided structure to use in values +# templating +context: {} + +# fullnameOverride overrides value of $.Release.Name for resources release name +# prefixes +fullnameOverride: + +# settings configures chart behaviour +settings: {} diff --git a/charts/simple/.helmignore b/charts/simple/.helmignore new file mode 100644 index 0000000..7f28c89 --- /dev/null +++ b/charts/simple/.helmignore @@ -0,0 +1,3 @@ +config/* +values.schema.full.json +values.example.yaml diff --git a/charts/simple/Chart.yaml b/charts/simple/Chart.yaml new file mode 100644 index 0000000..eed6c2d --- /dev/null +++ b/charts/simple/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: simple +description: Metachart born Helm Chart +type: application +version: "0.1.0" +appVersion: none diff --git a/charts/simple/README.md b/charts/simple/README.md new file mode 100644 index 0000000..2950d8f --- /dev/null +++ b/charts/simple/README.md @@ -0,0 +1,117 @@ +# simple + +`simple` is a [metachart](https://github.com/iponweb/metachart) born +[Helm](https://helm.sh/) Chart supporting a superset of Kubernetes official and +custom resource kinds required to install most kinds of software. + +Custom resources are supported from: + +- [external-secrets](https://github.com/external-secrets/external-secrets) +- [prometheus-operator](https://github.com/external-secrets/prometheus-operator) + +## What is it? + +The chart is aimed to: + +- Use Helm without having to write your own charts +- Use [JSON Schema](values.schema.full.json) in your favourite IDE for + autocompletion and validation of your values files +- Complete resources support - you do not need to think whether a particular + field is supported by the chart or not +- Go templating is supported by all string field, see [FAQ](docs/faq.md). +- Define all images used by the release in one place, see [FAQ](docs/faq.md). +- Some resources schema has been changed for better readiness for values files + overrides, see [Preprocess](docs/preprocess.md). +- Define related resources and do not think about how to define label + selectors, see [FAQ](docs/faq.md). +- Use checksums for automatic pods re-creation, see [FAQ](docs/faq.md). +- Define defaults for every resource kind, see [FAQ](docs/faq.md). + +For complete resources list support see [resources](docs/resources.md). + +## Quickstart + +Add the [Helm](https://helm.sh/) repository: + +```shell +helm repo add iponweb https://iponweb.github.io/charts +``` + +Add the [values.schema.full.json](values.schema.full.json) schema to your +favourite IDE to enable values file autocompletion and validation. In +comparison to [values.schema.json](values.schema.json) it has properties +descriptions not stripped. + +Examples: +- [IntelliJ IDEA](https://www.jetbrains.com/help/idea/json.html#ws_json_schema_add_custom) +- [Visual Studio Code](https://code.visualstudio.com/docs/languages/json#_json-schemas-and-settings) +- [Sublime Text](https://github.com/sublimelsp/LSP-json) + +Define the sample `values.yaml` file: + +```yaml +images: + nginx: + repository: nginx + tag: latest + pullPolicy: Always + +deployments: + main: + related: + services: + main: + spec: + ports: + - port: 80 + targetPort: web + spec: + pod: + spec: + containers: + main: + imageRef: nginx + ports: + - containerPort: 80 + name: web +``` + +Install the release: + +```shell +helm upgrade --install release-name -f values.yaml iponweb/simple +``` + +List deployed resources: +```shell +$ kubectl get all +NAME READY STATUS RESTARTS AGE +pod/release-name-main-56b7c8d5f6-fnpwh 1/1 Running 0 23s + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +service/kubernetes ClusterIP 10.100.0.1 443/TCP 185d +service/release-name-main ClusterIP 10.100.251.167 80/TCP 23s + +NAME READY UP-TO-DATE AVAILABLE AGE +deployment.apps/release-name-main 1/1 1 1 23s + +NAME DESIRED CURRENT READY AGE +replicaset.apps/release-name-main-56b7c8d5f6 1 1 1 23s +``` + +## Documentation + +Read the [Documentation](docs) section. Some examples can be found in the +[examples](examples) directory. + +Also, see the +`metachart` [Documentation](https://github.com/iponweb/metachart/docs) for more +details. + +## Requirements + +Minimal supported [Helm](https://helm.sh/) version is `v3.2.0`. + +## Versioning + +Versions are following the [semver](https://semver.org/) v2.0 specification. diff --git a/charts/simple/config/resources.yaml b/charts/simple/config/resources.yaml new file mode 100644 index 0000000..b23f8fe --- /dev/null +++ b/charts/simple/config/resources.yaml @@ -0,0 +1,182 @@ +resources: + images: + template: false + jsonSchemaRef: metachart.api.internal.Image + defaults: false + + #: rbac.authorization.k8s.io/v1 + roles: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + jsonSchemaRef: metachart.api.io.k8s.api.rbac.v1.Role + rolebindings: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + jsonSchemaRef: metachart.api.io.k8s.api.rbac.v1.RoleBinding + clusterroles: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + jsonSchemaRef: metachart.api.io.k8s.api.rbac.v1.ClusterRole + clusterrolebindings: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + jsonSchemaRef: metachart.api.io.k8s.api.rbac.v1.ClusterRoleBinding + + #: apiregistration.k8s.io/v1 + apiservices: + apiVersion: apiregistration.k8s.io/v1 + kind: APIService + jsonSchemaRef: metachart.api.io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIService + + #: admissionregistration.k8s.io/v1 + mutatingwebhookconfigurations: + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + jsonSchemaRef: metachart.api.io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration + validatingwebhookconfigurations: + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + jsonSchemaRef: metachart.api.io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration + + #: apiextensions.k8s.io/v1 + customresourcedefinitions: + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + jsonSchemaRef: metachart.api.io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinition + + #: networking.k8s.io/v1 + ingresses: + apiVersion: networking.k8s.io/v1 + kind: Ingress + jsonSchemaRef: metachart.api.io.k8s.api.networking.v1.Ingress + ingressclasses: + apiVersion: networking.k8s.io/v1 + kind: Ingress + jsonSchemaRef: metachart.api.io.k8s.api.networking.v1.IngressClass + networkpolicies: + apiVersion: networking.k8s.io/v1 + kind: Ingress + jsonSchemaRef: metachart.api.io.k8s.api.networking.v1.NetworkPolicy + + #: storage.k8s.io/v1 + storageclasses: + apiVersion: storage.k8s.io/v1 + kind: StorageClass + jsonSchemaRef: metachart.api.io.k8s.api.storage.v1.StorageClass + + #: v1 + serviceaccounts: + apiVersion: v1 + kind: ServiceAccount + jsonSchemaRef: metachart.api.io.k8s.api.core.v1.ServiceAccount + persistentvolumes: + apiVersion: v1 + kind: PersistentVolume + jsonSchemaRef: metachart.api.io.k8s.api.core.v1.PersistentVolume + persistentvolumeclaims: + apiVersion: v1 + kind: PersistentVolumeClaim + jsonSchemaRef: metachart.api.io.k8s.api.core.v1.PersistentVolumeClaim + configmaps: + apiVersion: v1 + kind: ConfigMap + jsonSchemaRef: metachart.api.io.k8s.api.core.v1.ConfigMap + secrets: + apiVersion: v1 + kind: Secret + jsonSchemaRef: metachart.api.io.k8s.api.core.v1.Secret + services: + apiVersion: v1 + kind: Service + jsonSchemaRef: metachart.api.io.k8s.api.core.v1.Service + containers: + jsonSchemaRef: metachart.api.core.v1.Container + template: false + root: false + defaults: true + pods: + apiVersion: v1 + kind: Pod + jsonSchemaRef: metachart.api.core.v1.Pod + + #: apps/v1 + deployments: + apiVersion: apps/v1 + kind: Deployment + jsonSchemaRef: metachart.api.io.k8s.api.apps.v1.Deployment + daemonsets: + apiVersion: apps/v1 + kind: DaemonSet + jsonSchemaRef: metachart.api.io.k8s.api.apps.v1.DaemonSet + statefulsets: + apiVersion: apps/v1 + kind: StatefulSet + jsonSchemaRef: metachart.api.io.k8s.api.apps.v1.StatefulSet + + #: autoscaling/v1 + horizontalpodautoscalers: + apiVersion: autoscaling/v1 + kind: HorizontalPodAutoscaler + jsonSchemaRef: metachart.api.io.k8s.api.autoscaling.v1.HorizontalPodAutoscaler + + #: batch/v1 + jobs: + apiVersion: batch/v1 + kind: Job + jsonSchemaRef: metachart.api.io.k8s.api.batch.v1.Job + cronjobs: + apiVersion: batch/v1 + kind: CronJob + jsonSchemaRef: metachart.api.io.k8s.api.batch.v1.CronJob + + #: certificates.k8s.io/v1 + certificatesigningrequests: + apiVersion: certificates.k8s.io/v1 + kind: CertificateSigningRequest + jsonSchemaRef: metachart.api.io.k8s.api.certificates.v1.CertificateSigningRequest + + #: policy/v1 + poddisruptionbudgets: + apiVersion: policy/v1 + kind: PodDisruptionBudget + jsonSchemaRef: metachart.api.io.k8s.api.policy.v1.PodDisruptionBudget + + #: scheduling.k8s.io/v1 + priorityclasses: + apiVersion: scheduling.k8s.io/v1 + kind: PriorityClass + jsonSchemaRef: metachart.api.io.k8s.api.scheduling.v1.PriorityClass + + #: external-secrets.io/v1beta1 + externalsecrets: + apiVersion: external-secrets.io/v1beta1 + kind: ExternalSecret + jsonSchemaRef: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret + clusterexternalsecrets: + apiVersion: external-secrets.io/v1beta1 + kind: ClusterExternalSecret + jsonSchemaRef: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret + secretstores: + apiVersion: external-secrets.io/v1beta1 + kind: SecretStore + jsonSchemaRef: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore + clustersecretstores: + apiVersion: external-secrets.io/v1beta1 + kind: ClusterSecretStore + jsonSchemaRef: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore + + #: monitoring.coreos.com/v1alpha1 + alertmanagerconfigs: + apiVersion: monitoring.coreos.com/v1alpha1 + kind: AlertmanagerConfig + jsonSchemaRef: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig + + #: monitoring.coreos.com/v1 + podmonitors: + apiVersion: monitoring.coreos.com/v1 + kind: PodMonitor + jsonSchemaRef: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor + prometheusrules: + apiVersion: monitoring.coreos.com/v1 + kind: PrometheusRule + jsonSchemaRef: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule diff --git a/charts/simple/config/schema.yaml b/charts/simple/config/schema.yaml new file mode 100644 index 0000000..90da596 --- /dev/null +++ b/charts/simple/config/schema.yaml @@ -0,0 +1,267 @@ +.defaults: + disallowed: &defaultDisallowed + - status + - kind + - apiVersion + properties: &defaultProperties + enabled: metachart.interface.boolean + metadata: metachart.api.meta.v1.ObjectMeta + rootKey: &defaultRootKey + disallowed: *defaultDisallowed + properties: *defaultProperties + +definitions: + - https://raw.githubusercontent.com/iponweb/schemas/main/json-schemas/kubernetes/v1.25.2-strict/_definitions.json + - https://raw.githubusercontent.com/iponweb/schemas/main/json-schemas/external-secrets/v0.6.1-strict/_definitions.json + - https://raw.githubusercontent.com/iponweb/schemas/main/json-schemas/prometheus-operator/v0.60.1-strict/_definitions.json + +rules: + #: Common + #: + #: meta.v1.ObjectMeta + - target: metachart.api.meta.v1.ObjectMeta + source: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + allowed: + - annotations + - labels + - finalizers + - namespace + - name + properties: + checksums: metachart.interface.checksums + + #: rbac.authorization.k8s.io/v1 + - target: metachart.api.io.k8s.api.rbac.v1.Role + source: io.k8s.api.rbac.v1.Role + <<: *defaultRootKey + - target: metachart.api.io.k8s.api.rbac.v1.RoleBinding + source: io.k8s.api.rbac.v1.RoleBinding + <<: *defaultRootKey + - target: metachart.api.io.k8s.api.rbac.v1.ClusterRole + source: io.k8s.api.rbac.v1.ClusterRole + <<: *defaultRootKey + - target: metachart.api.io.k8s.api.rbac.v1.ClusterRoleBinding + source: io.k8s.api.rbac.v1.ClusterRoleBinding + <<: *defaultRootKey + + #: apiregistration.k8s.io/v1 + - target: metachart.api.io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIService + source: io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIService + <<: *defaultRootKey + + #: admissionregistration.k8s.io/v1 + - target: metachart.api.io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration + source: io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration + <<: *defaultRootKey + - target: metachart.api.io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration + source: io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration + <<: *defaultRootKey + + #: apiextensions.k8s.io/v1 + - target: metachart.api.io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinition + source: io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinition + <<: *defaultRootKey + + #: networking.k8s.io/v1 + - target: metachart.api.io.k8s.api.networking.v1.Ingress + source: io.k8s.api.networking.v1.Ingress + <<: *defaultRootKey + - target: metachart.api.io.k8s.api.networking.v1.IngressClass + source: io.k8s.api.networking.v1.IngressClass + <<: *defaultRootKey + - target: metachart.api.io.k8s.api.networking.v1.NetworkPolicy + source: io.k8s.api.networking.v1.NetworkPolicy + <<: *defaultRootKey + + #: storage.k8s.io/v1 + - target: metachart.api.io.k8s.api.storage.v1.StorageClass + source: io.k8s.api.storage.v1.StorageClass + <<: *defaultRootKey + + #: v1 + - target: metachart.api.io.k8s.api.core.v1.ServiceAccount + source: io.k8s.api.core.v1.ServiceAccount + <<: *defaultRootKey + - target: metachart.api.io.k8s.api.core.v1.PersistentVolume + source: io.k8s.api.core.v1.PersistentVolume + <<: *defaultRootKey + - target: metachart.api.io.k8s.api.core.v1.PersistentVolumeClaim + source: io.k8s.api.core.v1.PersistentVolumeClaim + <<: *defaultRootKey + - target: metachart.api.io.k8s.api.core.v1.ConfigMap + source: io.k8s.api.core.v1.ConfigMap + <<: *defaultRootKey + - target: metachart.api.io.k8s.api.core.v1.Secret + source: io.k8s.api.core.v1.Secret + <<: *defaultRootKey + - target: metachart.api.io.k8s.api.core.v1.Service + source: io.k8s.api.core.v1.Service + <<: *defaultRootKey + #: v1 - Container + - target: metachart.api.core.v1.Container + source: io.k8s.api.core.v1.Container + disallowed: + - name + - image + - imagePullPolicy + properties: + imageRef: metachart.interface.FQDNitem + required: + - imageRef + #: v1 - Pod + - target: metachart.api.core.v1.Pod + source: io.k8s.api.core.v1.Pod + disallowed: *defaultDisallowed + properties: + <<: *defaultProperties + spec: metachart.api.core.v1.PodSpec + - target: metachart.api.core.v1.PodSpec + source: io.k8s.api.core.v1.PodSpec + properties: + containers: metachart.api.core.v1.ContainerList + initContainers: metachart.api.core.v1.ContainerList + metadata: metachart.api.meta.v1.ObjectMeta + + #: apps/v1 + #: + #: apps/v1 - Deployment + - target: metachart.api.io.k8s.api.apps.v1.Deployment + source: io.k8s.api.apps.v1.Deployment + disallowed: *defaultDisallowed + properties: + <<: *defaultProperties + spec: metachart.api.io.k8s.api.apps.v1.DeploymentSpec + related: + services: metachart.api.io.k8s.api.core.v1.Service + poddisruptionbudgets: metachart.api.io.k8s.api.policy.v1.PodDisruptionBudget + podmonitors: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor + - target: metachart.api.io.k8s.api.apps.v1.DeploymentSpec + source: io.k8s.api.apps.v1.DeploymentSpec + disallowed: + - template + - selector + properties: + pod: metachart.api.core.v1.Pod + required: + - pod + #: apps/v1 - Daemonset + - target: metachart.api.io.k8s.api.apps.v1.DaemonSet + source: io.k8s.api.apps.v1.DaemonSet + disallowed: *defaultDisallowed + properties: + <<: *defaultProperties + spec: metachart.api.io.k8s.api.apps.v1.DaemonSetSpec + related: + services: metachart.api.io.k8s.api.core.v1.Service + podmonitors: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor + - target: metachart.api.io.k8s.api.apps.v1.DaemonSetSpec + source: io.k8s.api.apps.v1.DaemonSetSpec + disallowed: + - template + - selector + properties: + pod: metachart.api.core.v1.Pod + required: + - pod + #: apps/v1 - StatefulSet + - target: metachart.api.io.k8s.api.apps.v1.StatefulSet + source: io.k8s.api.apps.v1.StatefulSet + disallowed: *defaultDisallowed + properties: + <<: *defaultProperties + spec: metachart.api.io.k8s.api.apps.v1.StatefulSetSpec + related: + services: metachart.api.io.k8s.api.core.v1.Service + poddisruptionbudgets: metachart.api.io.k8s.api.policy.v1.PodDisruptionBudget + podmonitors: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor + - target: metachart.api.io.k8s.api.apps.v1.StatefulSetSpec + source: io.k8s.api.apps.v1.StatefulSetSpec + disallowed: + - template + - selector + properties: + pod: metachart.api.core.v1.Pod + volumeClaimTemplates: metachart.api.internal.volumeClaimTemplates + required: + - pod + + #: autoscaling/v1 + - target: metachart.api.io.k8s.api.autoscaling.v1.HorizontalPodAutoscaler + source: io.k8s.api.autoscaling.v1.HorizontalPodAutoscaler + <<: *defaultRootKey + + #: batch/v1 + #: + #: batch/v1 - CronJob + - target: metachart.api.io.k8s.api.batch.v1.CronJob + source: io.k8s.api.batch.v1.CronJob + disallowed: *defaultDisallowed + properties: + <<: *defaultProperties + spec: metachart.api.io.k8s.api.batch.v1.CronJobSpec + - target: metachart.api.io.k8s.api.batch.v1.CronJobSpec + source: io.k8s.api.batch.v1.CronJobSpec + disallowed: + - jobTemplate + - selector + properties: + job: metachart.api.io.k8s.api.batch.v1.Job + required: + - job + #: batch/v1 - Job + - target: metachart.api.io.k8s.api.batch.v1.Job + source: io.k8s.api.batch.v1.Job + disallowed: *defaultDisallowed + properties: + <<: *defaultProperties + spec: metachart.api.io.k8s.api.batch.v1.JobSpec + - target: metachart.api.io.k8s.api.batch.v1.JobSpec + source: io.k8s.api.batch.v1.JobSpec + disallowed: + - template + properties: + pod: metachart.api.core.v1.Pod + required: + - pod + + #: certificates.k8s.io/v1 + - target: metachart.api.io.k8s.api.certificates.v1.CertificateSigningRequest + source: io.k8s.api.certificates.v1.CertificateSigningRequest + <<: *defaultRootKey + + #: policy/v1 + - target: metachart.api.io.k8s.api.policy.v1.PodDisruptionBudget + source: io.k8s.api.policy.v1.PodDisruptionBudget + <<: *defaultRootKey + + #: scheduling.k8s.io/v1 + - target: metachart.api.io.k8s.api.scheduling.v1.PriorityClass + source: io.k8s.api.scheduling.v1.PriorityClass + <<: *defaultRootKey + + #: external-secrets.io/v1beta1 + - target: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret + source: io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret + <<: *defaultRootKey + - target: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret + source: io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret + <<: *defaultRootKey + - target: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore + source: io.external-secrets.apis.externalsecrets.v1beta1.SecretStore + <<: *defaultRootKey + - target: metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore + source: io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore + <<: *defaultRootKey + + #: monitoring.coreos.com/v1alpha1 + - target: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig + source: com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig + <<: *defaultRootKey + + #: monitoring.coreos.com/v1 + - target: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor + source: com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor + <<: *defaultRootKey + - target: metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule + source: com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule + <<: *defaultRootKey diff --git a/charts/simple/config/values.schema.custom.json b/charts/simple/config/values.schema.custom.json new file mode 100644 index 0000000..1eac248 --- /dev/null +++ b/charts/simple/config/values.schema.custom.json @@ -0,0 +1,48 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": { + "metachart.api.core.v1.ContainerList": { + "type": "object", + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.core.v1.Container" + } + }, + "additionalProperties": false + }, + "metachart.api.internal.volumeClaimTemplates": { + "type": "object", + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "additionalProperties": false + }, + "metachart.api.internal.Image": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + }, + "pullPolicy": { + "type": "string", + "enum": [ + "Always", + "IfNotPresent" + ] + } + }, + "required": [ + "repository", + "tag", + "pullPolicy" + ], + "additionalProperties": false + } + } +} diff --git a/charts/simple/docs/faq.md b/charts/simple/docs/faq.md new file mode 100644 index 0000000..5d4a4c3 --- /dev/null +++ b/charts/simple/docs/faq.md @@ -0,0 +1,179 @@ +# Frequently asked questions + +## Images + +The chart is designed to store all images used by the release in one place. + +Example: + +```yaml +images: + alpine: + repository: alpine + tag: latest + pullPolicy: Always + + nginx: + repository: nginx + tag: latest + pullPolicy: Always + +deployments: + main: + spec: + pod: + spec: + containers: + main: + #: Use the `nginx` image + imageRef: nginx + ports: + - name: http + containerPort: 80 +``` + +## Related resources + +Some resource kinds support related resource definition. For example, Service +can be defined as related for Deployment, StatefulSet and DaemonSet kinds. + +Example: + +```yaml +images: + nginx: + repository: nginx + tag: latest + pullPolicy: Always + +deployments: + main: + related: + services: + #: Related `Service` resources which `spec.selector` values will be set + #: automatically + main: + spec: + ports: + - name: http + port: 80 + spec: + pod: + spec: + containers: + main: + imageRef: nginx + ports: + - name: http + containerPort: 80 +``` + +## Resource kind settings + +Use `settings.kind` to manipulate kind settings + +Example: + +```yaml +settings: + pods: + #: Whether resource kind must be disabled (default: false) + disable: false + + #: Defaults for all `pods` resources (including Deployment and other + #: Pod-containing resources kinds) + defaults: + spec: + serviceAccountName: "external-name" + + #: Set to empty value to satisfy schema rule and not break functionality + containers: {} +``` + +## Refer to another release resource + +```yaml +images: + nginx: + repository: nginx + tag: latest + pullPolicy: Always + +configmaps: + config: + data: {} + +deployments: + main: + spec: + pod: + spec: + containers: + main: + imageRef: nginx + envFrom: + - configMapRef: + #: Refer to the `config` ConfigMap defined below by name + name: '{{ include "metachart.fullname" $ }}-config' +``` + +## String values templating + +Always access to root context as `$.` in string templates + +```yaml +context: + contextSetting: value + +configmaps: + config: + data: + fullname: '{{ include "metachart.fullname" $ }}' + contextSetting: '{{ $.Values.context.contextSetting }}' +``` + +## Checksums + +The feature is available for Deployment, DaemonSet, StatefulSet resources +kinds. As checksum sources `configmaps` and `secrets` can be used. + +```yaml +images: + nginx: + repository: nginx + tag: latest + pullPolicy: Always + +configmaps: + first: + data: {} + second: + data: {} + +deployments: + + #: Pods will be re-created on any configmap change + all-configmaps: + metadata: + checksums: + configmaps: "*" + spec: + pod: + spec: + containers: + main: + imageRef: nginx + + #: Pods will be re-created only on `second` configmap change + single-configmap: + metadata: + checksums: + configmaps: + - second + spec: + pod: + spec: + containers: + main: + imageRef: nginx +``` diff --git a/charts/simple/docs/preprocess.md b/charts/simple/docs/preprocess.md new file mode 100644 index 0000000..9c5ef6a --- /dev/null +++ b/charts/simple/docs/preprocess.md @@ -0,0 +1,632 @@ +# Preprocess + +Some resources are using a bit different schema from the real one, so this +document describes that differences. + +Also, it describes some optimization done to simplify chart usage. + +## Image + +That's not a resource, but it's a helper to store all images definitions +used in the release in one place. + +Example: + +```yaml +images: + nginx: + repository: nginx + tag: latest + pullPolicy: Always +``` + +## Container + +That's not a resource but a part of the [Pod](#Pod) resource. + +The `image` and `imagePullPolicy` replaced by the `imageRef` field which value +is a name of a [Image](#Image) object. + +## Pod + +Fields `spec.containers` and `spec.initContainers` are maps instead of lists +which keys and values are [Container](#Container) names definition. + +Example: + +```yaml +images: + nginx: + repository: nginx + tag: latest + pullPolicy: Always + +pods: + main: + spec: + containers: + main: + imageRef: nginx +``` + +will be rendered to: + +```yaml +apiVersion: v1 +kind: Pod +metadata: + annotations: {} + labels: + app.kubernetes.io/component: pods-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + name: release-name-main +spec: + containers: + - image: nginx:latest + imagePullPolicy: Always + name: main +``` + +## Deployment + +1. Field `spec.template` is replaced by the `spec.pod` consuming [Pod](#Pod) + resource +2. Field `spec.selector` enforced to discover only Pods produced by this + Deployment + +Example: + +```yaml +images: + nginx: + repository: nginx + tag: latest + pullPolicy: Always + +deployments: + main: + spec: + pod: + spec: + containers: + main: + imageRef: nginx +``` + +will be rendered to: + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + name: release-name-main +spec: + selector: + matchLabels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + spec: + containers: + - image: nginx:latest + imagePullPolicy: Always + name: main +``` + + +## DaemonSet + +Same as [Deployment](#Deployment) preprocessor. + +## StatefulSet + +Same as [Deployment](#Deployment) preprocessor. + +1. Same as [Deployment](#Deployment) preprocessor. +2. Field `spec.volumeClaimTemplates` is a map instead of list + which keys and values are PersistentVolumeClaim template names and + definitions. + +Example: + +```yaml +images: + nginx: + repository: nginx + tag: latest + pullPolicy: Always + +statefulsets: + main: + related: + services: + main-headless: + spec: + clusterIP: None + spec: + serviceName: '{{ include "metachart.fullname" $ }}-main-headless' + pod: + spec: + containers: + main: + imageRef: nginx +``` + +will be rendered to: + +```yaml +--- +apiVersion: v1 +kind: Service +metadata: + annotations: {} + labels: + app.kubernetes.io/component: statefulsets-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + name: release-name-main-headless +spec: + clusterIP: None + selector: + app.kubernetes.io/component: statefulsets-main + app.kubernetes.io/instance: release-name +... +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: {} + labels: + app.kubernetes.io/component: statefulsets-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + name: release-name-main +spec: + selector: + matchLabels: + app.kubernetes.io/component: statefulsets-main + app.kubernetes.io/instance: release-name + serviceName: release-name-main-headless + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: statefulsets-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + spec: + containers: + - image: nginx:latest + imagePullPolicy: Always + name: main + volumeClaimTemplates: [] +... +``` + +## Job + +Field `spec.template` is replaced by the `spec.pod` consuming [Pod](#Pod) +resource + +Example: + +```yaml +images: + alpine: + repository: alpine + tag: latest + pullPolicy: Always + +jobs: + main: + spec: + pod: + spec: + containers: + main: + imageRef: alpine +``` + +will be rendered to: + +```yaml +apiVersion: batch/v1 +kind: Job +metadata: + annotations: {} + labels: + app.kubernetes.io/component: jobs-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + name: release-name-main +spec: + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: jobs-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + spec: + containers: + - image: alpine:latest + imagePullPolicy: Always + name: main +``` + +## CronJob + +Field `spec.jobTemplate` is replaced by the `spec.job` consuming [Job](#Job) +resource + +Example: + +```yaml +images: + alpine: + repository: alpine + tag: latest + pullPolicy: Always + +cronjobs: + main: + spec: + schedule: "* * * * *" + job: + spec: + pod: + spec: + containers: + main: + imageRef: alpine +``` + +will be rendered to: + +```yaml +apiVersion: batch/v1 +kind: CronJob +metadata: + annotations: {} + labels: + app.kubernetes.io/component: cronjobs-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + name: release-name-main +spec: + jobTemplate: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: cronjobs-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + spec: + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: cronjobs-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + spec: + containers: + - image: alpine:latest + imagePullPolicy: Always + name: main + schedule: '* * * * *' +``` + +## PodMonitor + +If defined as a related resource, `spec.selector.matchLabels` field value +enforced to label selector of the parent resource and +`spec.namespaceSelector.matchNames` to the release namespace. + +Example: + +```yaml +images: + nginx: + repository: nginx + tag: latest + pullPolicy: Always + +deployments: + main: + related: + podmonitors: + main: + spec: + #: Define empty to satisfy schema requirements + #: Will be overridden by preprocessor + selector: {} + + podMetricsEndpoints: + - port: metrics + spec: + pod: + spec: + containers: + main: + imageRef: nginx + ports: + - name: metrics + containerPort: 8080 +``` + +will be rendered to: + +```yaml +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + name: release-name-main +spec: + selector: + matchLabels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + spec: + containers: + - image: nginx:latest + imagePullPolicy: Always + name: main + ports: + - containerPort: 8080 + name: metrics +... +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + annotations: {} + labels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + name: release-name-main +spec: + namespaceSelector: + matchNames: + - default + podMetricsEndpoints: + - port: metrics + selector: + matchLabels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name +... +``` + +## PodDisruptionBudget + +If defined as a related resource, `spec.selector` field value enforced to label +selector of the parent resource. + +Example: + +```yaml +images: + nginx: + repository: nginx + tag: latest + pullPolicy: Always + +deployments: + main: + related: + poddisruptionbudgets: + main: + spec: + maxUnavailable: 1 + spec: + pod: + spec: + containers: + main: + imageRef: nginx +``` + +will be rendered to: + +```yaml +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + annotations: {} + labels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + name: release-name-main +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name +... +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + name: release-name-main +spec: + selector: + matchLabels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + spec: + containers: + - image: nginx:latest + imagePullPolicy: Always + name: main +... +``` + +## Service + +If defined as a related resource, `spec.selector` field value enforced to label +selector of the parent resource. + +Example: + +```yaml +images: + nginx: + repository: nginx + tag: latest + pullPolicy: Always + +deployments: + main: + related: + services: + main: + spec: + ports: + - port: 80 + targetPort: web + spec: + pod: + spec: + containers: + main: + imageRef: nginx + ports: + - containerPort: 80 + name: web +``` + +will be rendered to: + +```yaml +--- +apiVersion: v1 +kind: Service +metadata: + annotations: {} + labels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + name: release-name-main +spec: + ports: + - port: 80 + targetPort: web + selector: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name +... +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + name: release-name-main +spec: + selector: + matchLabels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name + template: + metadata: + annotations: {} + labels: + app.kubernetes.io/component: deployments-main + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: none + helm.sh/chart: simple-0.0.1 + spec: + containers: + - image: nginx:latest + imagePullPolicy: Always + name: main + ports: + - containerPort: 80 + name: web +... +``` diff --git a/charts/simple/docs/resources.md b/charts/simple/docs/resources.md new file mode 100644 index 0000000..40d977c --- /dev/null +++ b/charts/simple/docs/resources.md @@ -0,0 +1,140 @@ +# Resources + +A set of resources supported by the chart + +## Non-Kubernetes resources + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| images | | - | + + +## admissionregistration.k8s.io/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| mutatingwebhookconfigurations | MutatingWebhookConfiguration | - | +| validatingwebhookconfigurations | ValidatingWebhookConfiguration | - | + + +## apiextensions.k8s.io/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| customresourcedefinitions | CustomResourceDefinition | - | + + +## apiregistration.k8s.io/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| apiservices | APIService | - | + + +## apps/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| daemonsets | DaemonSet | [link](templates/preprocess/_daemonsets.tpl) | +| deployments | Deployment | [link](templates/preprocess/_deployments.tpl) | +| statefulsets | StatefulSet | [link](templates/preprocess/_statefulsets.tpl) | + + +## autoscaling/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| horizontalpodautoscalers | HorizontalPodAutoscaler | - | + + +## batch/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| cronjobs | CronJob | [link](templates/preprocess/_cronjobs.tpl) | +| jobs | Job | [link](templates/preprocess/_jobs.tpl) | + + +## certificates.k8s.io/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| certificatesigningrequests | CertificateSigningRequest | - | + + +## external-secrets.io/v1beta1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| clusterexternalsecrets | ClusterExternalSecret | - | +| clustersecretstores | ClusterSecretStore | - | +| externalsecrets | ExternalSecret | - | +| secretstores | SecretStore | - | + + +## monitoring.coreos.com/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| podmonitors | PodMonitor | [link](templates/preprocess/_podmonitors.tpl) | +| prometheusrules | PrometheusRule | - | + + +## monitoring.coreos.com/v1alpha1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| alertmanagerconfigs | AlertmanagerConfig | - | + + +## networking.k8s.io/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| ingressclasses | Ingress | - | +| ingresses | Ingress | - | +| networkpolicies | Ingress | - | + + +## policy/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| poddisruptionbudgets | PodDisruptionBudget | [link](templates/preprocess/_poddisruptionbudgets.tpl) | + + +## rbac.authorization.k8s.io/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| clusterrolebindings | ClusterRoleBinding | - | +| clusterroles | ClusterRole | - | +| rolebindings | RoleBinding | - | +| roles | Role | - | + + +## scheduling.k8s.io/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| priorityclasses | PriorityClass | - | + + +## storage.k8s.io/v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| storageclasses | StorageClass | - | + + +## v1 + +| Values file key | Kind | Preprocessor | +| --------------- | ---- | ------------ | +| configmaps | ConfigMap | - | +| persistentvolumeclaims | PersistentVolumeClaim | - | +| persistentvolumes | PersistentVolume | - | +| pods | Pod | [link](templates/preprocess/_pods.tpl) | +| secrets | Secret | - | +| serviceaccounts | ServiceAccount | - | +| services | Service | [link](templates/preprocess/_services.tpl) | \ No newline at end of file diff --git a/charts/simple/examples/values.example.yaml b/charts/simple/examples/values.example.yaml new file mode 100644 index 0000000..4db06f8 --- /dev/null +++ b/charts/simple/examples/values.example.yaml @@ -0,0 +1,169 @@ +#: Additional context for string values rendering +context: + hostname: "example.com" + +#: Images to be used by the release +images: + nginx: + repository: nginx + tag: latest + pullPolicy: Always + + nginx-prometheus-exporter: + repository: nginx/nginx-prometheus-exporter + tag: v0.11.0 + pullPolicy: Always + +settings: + global: + #: Labels and annotations to be added to all release resources + labels: + global-label: global-label-value + annotations: + global-annotation: global-annotation-value + + podmonitors: + #: Whether `podmonitors` kind resources creation must be disabled or not. + #: Useful, for example, in cases if `prometheus-operator` is not installed + #: to the cluster. + disabled: false + + defaults: + metadata: + labels: + podmonitors-defaults-label: podmonitors-defaults-label-value + + #: Set to empty because these fields are required + spec: + selector: {} + podMetricsEndpoints: [] + + pods: + #: Defaults to be added to all release pods including produced by + #: `deployments` and other kinds containing Pod definition + defaults: + metadata: + labels: + pods-defaults-label: pods-defaults-label-value + + spec: + #: Default value for `volumes` will be concatenated with the value + #; defined in the particular pod resource + volumes: + - name: configmap-nginx + configMap: + #: Refer to the `configmaps.nginx` resource + name: '{{ include "metachart.fullname" $ }}-nginx' + + containers: {} + + #: Defaults to be added to all release pod containers including produced by + #: `deployments` and other kinds containing Pod definition + containers: + defaults: + imageRef: "nginx" + + #: Default value for `volumeMounts` will be concatenated with the value + #; defined in the particular pod container + volumeMounts: + - name: configmap-nginx + mountPath: /etc/nginx/conf.d + + #: `deployments` resources defaults + deployments: + defaults: + spec: + pod: + metadata: + #: Re-create pods of all `deployments` resources on any + #: `configmaps` resource change if not overridden + checksums: + configmaps: "*" + +configmaps: + nginx: + data: + 00-metrics.conf: | + server { + listen 8080; + location /stub_status { + stub_status on; + access_log off; + allow 127.0.0.1; + deny all; + } + } + + 01-default.conf: | + server { + listen 80; + server_name {{ $.Values.context.hostname }}; + + location / { + root /usr/share/nginx/html; + return 404; + } + } + +deployments: + nginx: + + #: Related resources which selectors will be filled automatically to + #: be linked with the parent resource + related: + podmonitors: + nginx: + spec: + #: Set to empty because the field is required in the schema + selector: {} + + podMetricsEndpoints: + - port: metrics + + spec: + pod: + metadata: + #: Re-create pods only on particular `configmaps` resource change + checksums: + configmaps: + - nginx + spec: + containers: + nginx: + #: Use `nginx` images by reference + imageRef: nginx + + ports: + - name: http + containerPort: 80 + + metrics-nginx: + #: Use `nginx-prometheus-exporter` images by reference + imageRef: nginx-prometheus-exporter + + ports: + - name: metrics + containerPort: 9113 + command: + - nginx-prometheus-exporter + - -nginx.scrape-uri=http://localhost:8080/stub_status + +ingresses: + nginx: + #: Whether the particular ingress resource must be created + enabled: true + + spec: + rules: + + #: Use `context` as host value + - host: '{{ $.Values.context.hostname }}' + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: '{{ include "metachart.fullname" $ }}-nginx' + port: + number: 80 diff --git a/charts/simple/templates/_custom.tpl b/charts/simple/templates/_custom.tpl new file mode 100644 index 0000000..e9f3af9 --- /dev/null +++ b/charts/simple/templates/_custom.tpl @@ -0,0 +1,25 @@ +{{/* +Get image definition by the reference name +*/}} +{{- define "metachart.imageSpecByRef" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $resource := $params.resource }} +{{- $image := index $.Values.images $params.imageRef -}} +{{- /* Execution */}} +{{- $result := dict + "image" (printf "%s:%s" $image.repository $image.tag) + "imagePullPolicy" $image.pullPolicy +}} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{- define "metachart.checksum" -}} +{{- include "metachart.checksumKinds" (merge (dict "params" + (dict + "kinds" (list "configmaps" "secrets") + )) $) }} +{{- end }} diff --git a/charts/simple/templates/_metachart.tpl b/charts/simple/templates/_metachart.tpl new file mode 100644 index 0000000..d633212 --- /dev/null +++ b/charts/simple/templates/_metachart.tpl @@ -0,0 +1,639 @@ +{{/* +Create a default fully qualified app name. +Truncate at 63 chars because some Kubernetes name fields are limited to this +(by the DNS naming spec). +Use only helm release name because helm chart is made to be used by different +kinds of applications. + +Return: string +*/}} +{{- define "metachart.fullname" -}} +{{- if $.Values.fullnameOverride }} +{{- $.Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $.Release.Name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Compute chart name-version to be used by the chart label + +Return: string +*/}} +{{- define "metachart.chart" -}} +{{- printf "%s-%s" $.Chart.Name $.Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Compute Chart labels + +Return: dict in json format +*/}} +{{- define "metachart.chartLabels" -}} +{{- $result := dict + "helm.sh/chart" (include "metachart.chart" $) + "app.kubernetes.io/instance" $.Release.Name + "app.kubernetes.io/managed-by" $.Release.Service +}} +{{- if $.Chart.AppVersion }} + {{- $_ := set $result "app.kubernetes.io/version" $.Chart.AppVersion }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Label selector to determine if a resource belongs to a component. Only +necessary and sufficient set of labels is used. + +Params: + + component : str - Component value which the resource belongs to + +Return: dict in json format +*/}} +{{- define "metachart.selectorLabels" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $component := default nil $params.component }} +{{- /* Execution */}} +{{- $result := dict "app.kubernetes.io/instance" $.Release.Name }} +{{- with $component }} + {{- $_ := set $result "app.kubernetes.io/component" $component}} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Compute resource labels + +Params: + + definition : dict - Resource definition + component : str - Resource component value + relatedComponent : str - Related resource component value + +Return: dict in json format +*/}} +{{- define "metachart.resourceLabels" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $component := default nil $params.component }} +{{- $relatedComponent := default nil $params.relatedComponent }} +{{- /* Execution */}} +{{- $resourceMeta := default dict $definition.metadata }} +{{- $chartLabels := include "metachart.chartLabels" $context | fromJson }} +{{- $globalLabels := default dict (default dict (default dict $.Values.settings).global).labels | deepCopy }} +{{- $resourceLabels := default dict $resourceMeta.labels | deepCopy }} +{{- if $relatedComponent }} + {{- $_ := set $chartLabels "app.kubernetes.io/component" $relatedComponent}} +{{- else if $component }} + {{- $_ := set $chartLabels "app.kubernetes.io/component" $component}} +{{- end }} +{{- /* Validate if forbidden labels are used */}} +{{- range $reservedLabel := keys $chartLabels }} + {{- if hasKey $globalLabels $reservedLabel }} + {{- required (printf "Label %s is reserved for internal usage and can not be overrided" $reservedLabel) "" }} + {{- end }} + {{- if hasKey $resourceLabels $reservedLabel }} + {{- required (printf "Label %s is reserved for internal usage and can not be overrided" $reservedLabel) "" }} + {{- end }} +{{- end }} +{{- $result := merge $resourceLabels $globalLabels $chartLabels }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Compute checksums annotations for a resource + +Params: + + definition : dict - Resource definition + +Return: dict in json format +*/}} +{{- define "metachart.resourceChecksumAnnotations" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- /* Execution */}} +{{- $result := dict }} +{{- $checksums := default dict (default dict $definition.metadata).checksums }} +{{- range $kind, $names := $checksums }} + {{- if $names }} + {{- if (kindIs "slice" $names) }} + {{- range $name := $names }} + {{- $_ := set $result (printf "checksum-%s-%s" $kind $name) (include "metachart.checksumSingle" (merge (dict "params" + (dict + "kind" $kind + "name" $name + )) $)) }} + {{- end }} + {{- else if eq $names "*" }} + {{- $_ := set $result (printf "checksum-%s" $kind) (include "metachart.checksumKinds" (merge (dict "params" + (dict + "kinds" (list $kind) + )) $)) }} + {{- end }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson}} +{{- end }} + +{{/* +Compute resource annotations + +Params: + + definition : dict - Resource definition + +Return: dict in json format +*/}} +{{- define "metachart.resourceAnnotations" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- /* Execution */}} +{{- $resourceMeta := default dict $definition.metadata }} +{{- $checksums := (include "metachart.resourceChecksumAnnotations" (merge (dict "params" $params) $context) | fromJson) }} +{{- $result := merge (default dict ($resourceMeta.annotations) | deepCopy) (default dict $.Values.annotations) $checksums }} +{{- /* Return */}} +{{- $result | toJson}} +{{- end }} + +{{/* +Compute resource ObjectMeta + +Params: + + definition : dict - Resource definition + name : string - Resource name as defined in the values file + nameSuffix : string - Suffix to be added to the resource name + withName : bool - Whether name key must be added (default: true) + withNameFullnamePrefix : bool - Whether fullname prefix must be added to the name (default: true) + +Return: dict in json format +*/}} +{{- define "metachart.resourceMeta" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $name := $params.name }} +{{- $nameSuffix := $params.nameSuffix }} +{{- $withName := (hasKey $params "withName" | ternary $params.withName true) }} +{{- $withNameFullnamePrefix := (hasKey $params "withNameFullnamePrefix" | ternary $params.withNameFullnamePrefix true) }} +{{- /* Execution */}} +{{- $resourceMeta := default dict $definition.metadata }} +{{- /* Execution */}} +{{- $result := omit $resourceMeta "labels" "annotations" "name" "checksums" }} +{{- $fullnamePrefix := "" }} +{{- if $withNameFullnamePrefix }} +{{- $fullnamePrefix = printf "%s-" (include "metachart.fullname" $context) }} +{{- end }} +{{- if $withName }} + {{- if $resourceMeta.name }} + {{- $_ := set $result "name" $resourceMeta.name }} + {{- else if $name }} + {{- if $nameSuffix }} + {{- $_ := set $result "name" (printf "%s%s-%s" $fullnamePrefix $name $nameSuffix) }} + {{- else }} + {{- $_ := set $result "name" (printf "%s%s" $fullnamePrefix $name) }} + {{- end }} + {{- else }} + {{- if $nameSuffix }} + {{- $_ := set $result "name" (printf "%s%s" $fullnamePrefix $nameSuffix) }} + {{- else }} + {{- $_ := set $result "name" (printf "%s" (include "metachart.fullname" $context)) }} + {{- end }} + {{- end }} +{{- end }} +{{- $_ := set $result "labels" (include "metachart.resourceLabels" (merge (dict "params" $params) $context) | fromJson) }} +{{- $_ = set $result "annotations" (include "metachart.resourceAnnotations" (merge (dict "params" $params) $context) | fromJson) }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Discover all string values and render them as templates + +Params: + + data : any - data to be processed + +Return: dict in json format +*/}} +{{- define "metachart.deepRender" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $data := ($params.data | deepCopy) }} +{{- /* Execution */}} +{{- if kindIs "string" $data }} + {{- $result := tpl $data $context }} + {{- /* Return */}} + {{- $result | toJson }} +{{- else if kindIs "map" $data }} + {{- $result := dict }} + {{- range $key, $value := $data }} + {{- if kindIs "string" $value }} + {{- $newValue := tpl $value $context }} + {{- $_ := set $result $key $newValue }} + {{- else if kindIs "map" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJson }} + {{- $_ := set $result $key $newValue }} + {{- else if kindIs "slice" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJsonArray }} + {{- $_ := set $result $key $newValue }} + {{- else }} + {{- $_ := set $result $key $value }} + {{- end }} + {{- end }} + {{- $result | toJson }} +{{- else if kindIs "slice" $data }} + {{- $result := list }} + {{- range $value := $data }} + {{- if kindIs "string" $value }} + {{- $newValue := tpl $value $context }} + {{- $result = append $result $newValue }} + {{- else if kindIs "map" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJson }} + {{- $result = append $result $newValue }} + {{- else if kindIs "slice" $value }} + {{- $newValue := include "metachart.deepRender" (merge (dict "params" (dict "data" $value)) $context) | fromJsonArray }} + {{- $result = append $result $newValue }} + {{- else }} + {{- $result = append $result $value }} + {{- end }} + {{- end }} + {{- /* Return */}} + {{- $result | toJson }} +{{- else }} + {{- $result := $data }} + {{- /* Return */}} + {{- $result | toJson }} +{{- end }} +{{- end }} + +{{/* +Deep merge like function which concats 2 slices if meets in instead of +override. This implementation takes into account that each of source and target +values can be none one of specific type or nil. + +Params: + + source : dict | slice - Merge from + target : dict | slice - Merge to + +Return: dict | slice in json format +*/}} +{{- define "metachart.mergeConcatLists" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $source := ($params.source | deepCopy) }} +{{- $target := ($params.target | deepCopy) }} +{{- /* Execution */}} +{{- $result := dict }} +{{- $keys := keys (default dict $source) (default dict $target) | uniq }} +{{- range $key := $keys }} + {{- $sourceValue := get $source $key }} + {{- $targetValue := get $target $key }} + {{- if or (kindIs "map" $sourceValue) (kindIs "map" $targetValue) }} + {{- /* Normalize types */}} + {{- if kindIs "map" $sourceValue }}{{- else }}{{- $sourceValue = dict }}{{- end }} + {{- if kindIs "map" $targetValue }}{{- else }}{{- $targetValue = dict }}{{- end }} + {{- $newValue := include "metachart.mergeConcatLists" (dict "params" (dict + "source" $sourceValue + "target" $targetValue + )) | fromJson }} + {{- $_ := set $result $key $newValue }} + {{- else if or (kindIs "slice" $sourceValue) (kindIs "slice" $targetValue) }} + {{- /* Normalize types */}} + {{- if kindIs "slice" $sourceValue }}{{- else }}{{- $sourceValue = list }}{{- end }} + {{- if kindIs "slice" $targetValue }}{{- else }}{{- $targetValue = list }}{{- end }} + {{- $newValue := concat $sourceValue $targetValue }} + {{- $_ := set $result $key $newValue }} + {{- else if hasKey $target $key }} + {{- $_ := set $result $key $targetValue }} + {{- else }} + {{- $_ := set $result $key $sourceValue }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Discover defaults for the specific kind and apply them to the resource + +Params: + + definition : dict - Resource definition + kind : string - Resource kind + +Return: dict in json format +*/}} +{{- define "metachart.setDefaults" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := ($params.definition | deepCopy) }} +{{- $kind := $params.kind }} +{{- $kindSettings := ternary (get $.Values.settings $kind) (dict) (hasKey (default dict $.Values.settings) $kind) }} +{{- /* Execution */}} +{{- $defaults := default dict $kindSettings.defaults }} +{{- include "metachart.mergeConcatLists" (dict "params" (dict + "source" $defaults + "target" $definition +)) }} +{{- end }} + +{{/* +Discover all available resources (standalone and related) of specific kind. +It takes into account: + +- If resource kind is not disable in settings +- If resource definition.enabled is not false + +Params: + + kind : string - Resource kind + +Return: dict in json format +*/}} +{{- define "metachart.discover" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $kind := $params.kind }} +{{- /* Execution */}} +{{- $result := dict }} +{{- $kindSettings := dict }} +{{- if hasKey (default dict $.Values.settings) $kind }} + {{- $kindSettings = get (default dict $.Values.settings) $kind }} +{{- end }} +{{- if not $kindSettings.disabled }} + {{- if hasKey $.Values $kind }} + {{- range $resourceName, $resourceDefinition := get $.Values $kind }} + {{- if (hasKey $resourceDefinition "enabled" | ternary $resourceDefinition.enabled true) }} + {{- $_ := set $result $resourceName $resourceDefinition}} + {{- end }} + {{- end }} + {{- end }} + {{- /* Discover related resources */}} + {{- $settingsKindAll := include "metachart.settings" $context | fromYaml | keys }} + {{- range $settingsKind := $settingsKindAll }} + {{- $resourceSettings := dict }} + {{- if hasKey (default dict $.Values.settings) $settingsKind }} + {{- $resourceSettings = get (default dict $.Values.settings) $settingsKind }} + {{- end }} + {{- if not $resourceSettings.disabled }} + {{- if hasKey $.Values $settingsKind }} + {{- range $resourceName, $resourceDefinition := get $.Values $settingsKind }} + {{- if (hasKey $resourceDefinition "enabled" | ternary $resourceDefinition.enabled true) }} + {{- $resourceRelated := default dict $resourceDefinition.related }} + {{- if hasKey $resourceRelated $kind }} + {{- range $name, $definition := get $resourceRelated $kind }} + {{- if hasKey $result $name }} + {{- fail (printf "Resource %s/%s defined in global and related scopes" $kind $name) }} + {{- else }} + {{- $patchedDefinition := $definition | deepCopy }} + {{- $_ := set $patchedDefinition "relatedComponent" (printf "%s-%s" $settingsKind $resourceName)}} + {{- $_ = set $result $name $patchedDefinition}} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Build a complete resource ready for rendering + +Params: + + name : string - Resource name as defined in the values file + kind : string - Resource kind + definition : dict - Resource definition + apiVersion : strint - Resource ApiVersion + kindCamelCase : string - Resource kind in CamelCase format + preprocess : bool - Whether the resource kind has a preprocessor + +Return: dict in json format +*/}} +{{- define "metachart.buildResource" }} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $name := $params.name }} +{{- $definition := $params.definition }} +{{- $apiVersion := $params.apiVersion }} +{{- $kindCamelCase := $params.kindCamelCase }} +{{- $preprocess := $params.preprocess }} +{{- $kind := $params.kind }} +{{- /* Execution */}} +{{- $component := (printf "%s-%s" $kind $name) }} +{{- $relatedComponent := $definition.relatedComponent }} +{{- $resource := dict + "apiVersion" $apiVersion + "kind" $kindCamelCase +}} +{{- $resource = merge $resource (omit ($definition | deepCopy) "enabled" "metadata" "related" "relatedComponent") }} +{{- $_ := set $resource "metadata" (include "metachart.resourceMeta" (merge (dict "params" + (dict + "definition" $definition + "name" $name + "component" $component + "relatedComponent" $relatedComponent + )) $context) | fromJson) }} +{{- /* Apply defaults */}} +{{- $resource = include "metachart.setDefaults" (merge (dict "params" + (dict + "definition" $resource + "kind" $kind + )) $context) | fromJson }} +{{- /* Preprocessing */}} +{{- $preprocessed := $resource }} +{{- if $preprocess }} + {{- $preprocessor := printf "metachart.preprocess.%s" $kind }} + {{- $preprocessed = include $preprocessor (merge (dict "params" + (dict + "definition" $resource + "name" $name + "component" $component + "relatedComponent" $relatedComponent + )) $context) | fromJson }} +{{- end }} +{{- /* Render */}} +{{- $result := include "metachart.deepRender" (merge (dict "params" (dict "data" $preprocessed)) $) | fromJson }} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} + +{{/* +Render all release resources + +Return: yaml +*/}} +{{- define "metachart.renderAll" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- /* Execution */}} +{{- $kinds := (include "metachart.settings" $context) | fromYaml | keys }} +{{- $result := include "metachart.renderKinds" (merge (dict "params" + (dict + "kinds" $kinds + )) $) }} +{{- /* Return */}} +{{- $result }} +{{- end }} + +{{/* +Render specific resource kinds + +Params: + + kinds : slice - List of kinds + +Return: yaml +*/}} +{{- define "metachart.renderKinds" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $kinds := $params.kinds }} +{{- /* Execution */}} +{{- $result := "" }} +{{- range $kind := $kinds }} + {{- $settings := get (include "metachart.settings" $context | fromYaml) $kind }} + {{- range $name, $definition := (include "metachart.discover" (merge (dict "params" + (dict + "kind" $kind + )) $context) | fromJson) }} + {{- $rendered := include "metachart.buildResource" (merge (dict "params" + (dict + "kind" $kind + "apiVersion" $settings.apiVersion + "kindCamelCase" $settings.kindCamelCase + "name" $name + "definition" $definition + "preprocess" $settings.preprocess + )) $context) | fromJson | toYaml | nindent 0 }} + {{- $result = printf "%s---%s\n...\n" $result $rendered }} + {{- end }} +{{- end }} +{{- /* Return */}} +{{- $result }} +{{- end }} + +{{/* +Calculate checksum of resources of specific kind + +Params: + + kinds : slice - List of kinds + +Return: string +*/}} +{{- define "metachart.checksumKinds" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- /* Execution */}} +{{- $result := include "metachart.renderKinds" (merge (dict "params" + (dict + "params" $params + )) $) }} +{{- /* Return */}} +{{- $result | sha256sum }} +{{- end }} + +{{/* +Render single resource + +Params: + + name : string - Resource name as defined in the values file + kind : string - Resource kind + +Return: yaml +*/}} +{{- define "metachart.renderSingle" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $kind := $params.kind }} +{{- $name := $params.name }} +{{- /* Execution */}} +{{- $settings := get (include "metachart.settings" $context | fromYaml) $kind }} +{{- $definitionsAll := (include "metachart.discover" (merge (dict "params" + (dict + "kind" $kind + )) $context) | fromJson) }} +{{- if hasKey $definitionsAll $name }}{{- else }}{{- fail (printf "can not find resource %s/%s" $kind $name)}}{{- end }} +{{- $definition := get $definitionsAll $name }} +{{- $result := include "metachart.buildResource" (merge (dict "params" + (dict + "kind" $kind + "apiVersion" $settings.apiVersion + "kindCamelCase" $settings.kindCamelCase + "name" $name + "definition" $definition + "preprocess" $settings.preprocess + )) $context) | fromJson | toYaml | nindent 0 }} +{{- $result }} +{{- end }} + +{{/* +Calculate checksum of a specific resource + +Params: + + name : string - Resource name as defined in the values file + kind : string - Resource kind + +Return: string +*/}} +{{- define "metachart.checksumSingle" }} +{{- /* Cleanup context from the function params */}} +{{- $params := default dict $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- /* Execution */}} +{{- $result := include "metachart.renderSingle" (merge (dict "params" + (dict + "params" $params + )) $) }} +{{- /* Return */}} +{{- $result | sha256sum }} +{{- end }} diff --git a/charts/simple/templates/generated/_settings.tpl b/charts/simple/templates/generated/_settings.tpl new file mode 100644 index 0000000..b22f1fa --- /dev/null +++ b/charts/simple/templates/generated/_settings.tpl @@ -0,0 +1,143 @@ +{{- /* Resources definition */}} +{{- define "metachart.settings" }} +alertmanagerconfigs: + apiVersion: monitoring.coreos.com/v1alpha1 + kindCamelCase: AlertmanagerConfig + preprocess: false +apiservices: + apiVersion: apiregistration.k8s.io/v1 + kindCamelCase: APIService + preprocess: false +certificatesigningrequests: + apiVersion: certificates.k8s.io/v1 + kindCamelCase: CertificateSigningRequest + preprocess: false +clusterexternalsecrets: + apiVersion: external-secrets.io/v1beta1 + kindCamelCase: ClusterExternalSecret + preprocess: false +clusterrolebindings: + apiVersion: rbac.authorization.k8s.io/v1 + kindCamelCase: ClusterRoleBinding + preprocess: false +clusterroles: + apiVersion: rbac.authorization.k8s.io/v1 + kindCamelCase: ClusterRole + preprocess: false +clustersecretstores: + apiVersion: external-secrets.io/v1beta1 + kindCamelCase: ClusterSecretStore + preprocess: false +configmaps: + apiVersion: v1 + kindCamelCase: ConfigMap + preprocess: false +cronjobs: + apiVersion: batch/v1 + kindCamelCase: CronJob + preprocess: true +customresourcedefinitions: + apiVersion: apiextensions.k8s.io/v1 + kindCamelCase: CustomResourceDefinition + preprocess: false +daemonsets: + apiVersion: apps/v1 + kindCamelCase: DaemonSet + preprocess: true +deployments: + apiVersion: apps/v1 + kindCamelCase: Deployment + preprocess: true +externalsecrets: + apiVersion: external-secrets.io/v1beta1 + kindCamelCase: ExternalSecret + preprocess: false +horizontalpodautoscalers: + apiVersion: autoscaling/v1 + kindCamelCase: HorizontalPodAutoscaler + preprocess: false +ingressclasses: + apiVersion: networking.k8s.io/v1 + kindCamelCase: Ingress + preprocess: false +ingresses: + apiVersion: networking.k8s.io/v1 + kindCamelCase: Ingress + preprocess: false +jobs: + apiVersion: batch/v1 + kindCamelCase: Job + preprocess: true +mutatingwebhookconfigurations: + apiVersion: admissionregistration.k8s.io/v1 + kindCamelCase: MutatingWebhookConfiguration + preprocess: false +networkpolicies: + apiVersion: networking.k8s.io/v1 + kindCamelCase: Ingress + preprocess: false +persistentvolumeclaims: + apiVersion: v1 + kindCamelCase: PersistentVolumeClaim + preprocess: false +persistentvolumes: + apiVersion: v1 + kindCamelCase: PersistentVolume + preprocess: false +poddisruptionbudgets: + apiVersion: policy/v1 + kindCamelCase: PodDisruptionBudget + preprocess: true +podmonitors: + apiVersion: monitoring.coreos.com/v1 + kindCamelCase: PodMonitor + preprocess: true +pods: + apiVersion: v1 + kindCamelCase: Pod + preprocess: true +priorityclasses: + apiVersion: scheduling.k8s.io/v1 + kindCamelCase: PriorityClass + preprocess: false +prometheusrules: + apiVersion: monitoring.coreos.com/v1 + kindCamelCase: PrometheusRule + preprocess: false +rolebindings: + apiVersion: rbac.authorization.k8s.io/v1 + kindCamelCase: RoleBinding + preprocess: false +roles: + apiVersion: rbac.authorization.k8s.io/v1 + kindCamelCase: Role + preprocess: false +secrets: + apiVersion: v1 + kindCamelCase: Secret + preprocess: false +secretstores: + apiVersion: external-secrets.io/v1beta1 + kindCamelCase: SecretStore + preprocess: false +serviceaccounts: + apiVersion: v1 + kindCamelCase: ServiceAccount + preprocess: false +services: + apiVersion: v1 + kindCamelCase: Service + preprocess: true +statefulsets: + apiVersion: apps/v1 + kindCamelCase: StatefulSet + preprocess: true +storageclasses: + apiVersion: storage.k8s.io/v1 + kindCamelCase: StorageClass + preprocess: false +validatingwebhookconfigurations: + apiVersion: admissionregistration.k8s.io/v1 + kindCamelCase: ValidatingWebhookConfiguration + preprocess: false +{{- end }} \ No newline at end of file diff --git a/charts/simple/templates/preprocess/_containers.tpl b/charts/simple/templates/preprocess/_containers.tpl new file mode 100644 index 0000000..e02b3c3 --- /dev/null +++ b/charts/simple/templates/preprocess/_containers.tpl @@ -0,0 +1,20 @@ +{{- define "metachart.preprocess.containers" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }}{{- $context := omit $ "params" }} +{{- /* Building the Container resource */}} +{{- $definition := $params.definition }} +{{- /* Execution */}} +{{- /* Apply container defaults */}} +{{- $definition = include "metachart.setDefaults" (merge (dict "params" + (dict + "definition" $definition + "kind" "containers" + )) $) | fromJson }} +{{- /* Rendering */}} +{{- $result := merge + (include "metachart.imageSpecByRef" (merge (dict "params" (dict "imageRef" $definition.imageRef)) $) | fromYaml) + (omit $definition "imageRef") +}} +{{- /* Return */}} +{{- $result | toJson }} +{{- end }} diff --git a/charts/simple/templates/preprocess/_cronjobs.tpl b/charts/simple/templates/preprocess/_cronjobs.tpl new file mode 100644 index 0000000..99c1096 --- /dev/null +++ b/charts/simple/templates/preprocess/_cronjobs.tpl @@ -0,0 +1,38 @@ +{{- define "metachart.preprocess.cronjobs" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $name := $params.name }} +{{- $component := $params.component }} +{{- /* Execution */}} +{{- /* Read job definition */}} +{{- $job := $definition.spec.job | deepCopy }} +{{- $_ := unset $definition.spec "job" }} +{{- /* Apply metadata */}} +{{- $_ = set $job "metadata" (include "metachart.resourceMeta" (merge (dict "params" + (dict + "definition" $job + "name" $name + "component" $component + "withName" false + )) $context) | fromJson) }} +{{- /* Apply job defaults */}} +{{- $job = include "metachart.setDefaults" (merge (dict "params" + (dict + "definition" $job + "kind" "jobs" + )) $context) | fromJson }} +{{- /* Set spec.template */}} +{{- $_ = set $definition.spec "jobTemplate" ( + include "metachart.preprocess.jobs" (merge (dict "params" + (dict + "definition" $job + "name" $name + "component" $component + )) $context) | fromJson) +}} +{{- /* Return */}} +{{- $definition | toJson }} +{{- end }} diff --git a/charts/simple/templates/preprocess/_daemonsets.tpl b/charts/simple/templates/preprocess/_daemonsets.tpl new file mode 100644 index 0000000..781a58a --- /dev/null +++ b/charts/simple/templates/preprocess/_daemonsets.tpl @@ -0,0 +1,42 @@ +{{- define "metachart.preprocess.daemonsets" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $name := $params.name }} +{{- $component := $params.component }} +{{- /* Execution */}} +{{- /* Set spec.selector */}} +{{- $_ := set $definition.spec "selector" (dict "matchLabels" (include "metachart.selectorLabels" (merge (dict "params" + (dict + "component" $component + )) $context) | fromJson) ) }} +{{- /* Read pod definition */}} +{{- $pod := $definition.spec.pod | deepCopy }} +{{- $_ = unset $definition.spec "pod" }} +{{- /* Apply metadata */}} +{{- $_ = set $pod "metadata" (include "metachart.resourceMeta" (merge (dict "params" + (dict + "definition" $pod + "name" $name + "component" $component + "withName" false + )) $context) | fromJson) }} +{{- /* Apply pod defaults */}} +{{- $pod = include "metachart.setDefaults" (merge (dict "params" + (dict + "definition" $pod + "kind" "pods" + )) $context) | fromJson }} +{{- /* Set spec.template */}} +{{- $_ = set $definition.spec "template" (include "metachart.preprocess.pods" (merge (dict "params" + (dict + "definition" $pod + "name" $name + "component" $component + )) $context) | fromJson) +}} +{{- /* Return */}} +{{- $definition | toJson }} +{{- end }} diff --git a/charts/simple/templates/preprocess/_deployments.tpl b/charts/simple/templates/preprocess/_deployments.tpl new file mode 100644 index 0000000..b1effe7 --- /dev/null +++ b/charts/simple/templates/preprocess/_deployments.tpl @@ -0,0 +1,42 @@ +{{- define "metachart.preprocess.deployments" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $name := $params.name }} +{{- $component := $params.component }} +{{- /* Execution */}} +{{- /* Set spec.selector */}} +{{- $_ := set $definition.spec "selector" (dict "matchLabels" (include "metachart.selectorLabels" (merge (dict "params" + (dict + "component" $component + )) $context) | fromJson) ) }} +{{- /* Read pod definition */}} +{{- $pod := $definition.spec.pod | deepCopy }} +{{- $_ = unset $definition.spec "pod" }} +{{- /* Apply metadata */}} +{{- $_ = set $pod "metadata" (include "metachart.resourceMeta" (merge (dict "params" + (dict + "definition" $pod + "name" $name + "component" $component + "withName" false + )) $context) | fromJson) }} +{{- /* Apply pod defaults */}} +{{- $pod = include "metachart.setDefaults" (merge (dict "params" + (dict + "definition" $pod + "kind" "pods" + )) $context) | fromJson }} +{{- /* Set spec.template */}} +{{- $_ = set $definition.spec "template" (include "metachart.preprocess.pods" (merge (dict "params" + (dict + "definition" $pod + "name" $name + "component" $component + )) $context) | fromJson) +}} +{{- /* Return */}} +{{- $definition | toJson }} +{{- end }} diff --git a/charts/simple/templates/preprocess/_jobs.tpl b/charts/simple/templates/preprocess/_jobs.tpl new file mode 100644 index 0000000..7388bcc --- /dev/null +++ b/charts/simple/templates/preprocess/_jobs.tpl @@ -0,0 +1,38 @@ +{{- define "metachart.preprocess.jobs" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $name := $params.name }} +{{- $component := $params.component }} +{{- /* Execution */}} +{{- /* Read pod definition */}} +{{- $pod := $definition.spec.pod | deepCopy }} +{{- $_ := unset $definition.spec "pod" }} +{{- /* Apply metadata */}} +{{- $_ = set $pod "metadata" (include "metachart.resourceMeta" (merge (dict "params" + (dict + "definition" $pod + "name" $name + "component" $component + "withName" false + )) $context) | fromJson) }} +{{- /* Apply pod defaults */}} +{{- $pod = include "metachart.setDefaults" (merge (dict "params" + (dict + "definition" $pod + "kind" "pods" + )) $context) | fromJson }} +{{- /* Set spec.template */}} +{{- $_ = set $definition.spec "template" ( + include "metachart.preprocess.pods" (merge (dict "params" + (dict + "definition" $pod + "name" $name + "component" $component + )) $context) | fromJson) +}} +{{- /* Return */}} +{{- $definition | toJson }} +{{- end }} diff --git a/charts/simple/templates/preprocess/_poddisruptionbudgets.tpl b/charts/simple/templates/preprocess/_poddisruptionbudgets.tpl new file mode 100644 index 0000000..0da29a6 --- /dev/null +++ b/charts/simple/templates/preprocess/_poddisruptionbudgets.tpl @@ -0,0 +1,19 @@ +{{- define "metachart.preprocess.poddisruptionbudgets" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $name := $params.name }} +{{- $component := $params.component }} +{{- $relatedComponent := $params.relatedComponent }} +{{- /* Execution */}} +{{- if $relatedComponent }} + {{- $_ := set $definition.spec "selector" (dict "matchLabels" (include "metachart.selectorLabels" (merge (dict "params" + (dict + "component" $relatedComponent + )) $context) | fromJson) ) }} +{{- end }} +{{- /* Return */}} +{{- $definition | toJson }} +{{- end }} diff --git a/charts/simple/templates/preprocess/_podmonitors.tpl b/charts/simple/templates/preprocess/_podmonitors.tpl new file mode 100644 index 0000000..c180910 --- /dev/null +++ b/charts/simple/templates/preprocess/_podmonitors.tpl @@ -0,0 +1,22 @@ +{{- define "metachart.preprocess.podmonitors" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $name := $params.name }} +{{- $component := $params.component }} +{{- $relatedComponent := $params.relatedComponent }} +{{- /* Execution */}} +{{- if $relatedComponent }} + {{ $_ := set $definition.spec "selector" (dict "matchLabels" (include "metachart.selectorLabels" (merge (dict "params" + (dict + "component" $relatedComponent + )) $context) | fromJson) ) }} + {{- $_ = set $definition.spec "namespaceSelector" (dict + "matchNames" (list "{{ $.Release.Namespace }}") + )}} +{{- end }} +{{- /* Return */}} +{{- $definition | toJson }} +{{- end }} diff --git a/charts/simple/templates/preprocess/_pods.tpl b/charts/simple/templates/preprocess/_pods.tpl new file mode 100644 index 0000000..3bd5bb8 --- /dev/null +++ b/charts/simple/templates/preprocess/_pods.tpl @@ -0,0 +1,36 @@ +{{- define "metachart.preprocess.pods" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }}{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $name := $params.name }} +{{- $component := $params.component }} +{{- /* Set pod.spec.initContainers*/}} +{{- if $definition.spec.initContainers }} + {{- $initContainers := list }} + {{- range $containerName, $container := $definition.spec.initContainers }} + {{- $initContainers = append $initContainers (merge + (dict "name" $containerName) + (include "metachart.preprocess.containers" (merge (dict "params" (dict + "definition" $container + )) $context) | fromJson) + ) }} + {{- end }} + {{- $_ := set $definition.spec "initContainers" $initContainers }} +{{- end }} +{{- /* Set pod.spec.containers*/}} +{{- if $definition.spec.containers }} + {{- $containers := list }} + {{- range $containerName, $container := $definition.spec.containers }} + {{- $containers = append $containers (merge + (dict "name" $containerName) + (include "metachart.preprocess.containers" (merge (dict "params" (dict + "definition" $container + )) $context) | fromJson) + ) }} + {{- end }} + {{- $_ := set $definition.spec "containers" $containers }} +{{- end }} +{{- /* Return */}} +{{- $definition | toJson }} +{{- end }} diff --git a/charts/simple/templates/preprocess/_services.tpl b/charts/simple/templates/preprocess/_services.tpl new file mode 100644 index 0000000..44e2e3f --- /dev/null +++ b/charts/simple/templates/preprocess/_services.tpl @@ -0,0 +1,19 @@ +{{- define "metachart.preprocess.services" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $name := $params.name }} +{{- $component := $params.component }} +{{- $relatedComponent := $params.relatedComponent }} +{{- /* Execution */}} +{{- if $relatedComponent }} + {{ $_ := set $definition.spec "selector" (include "metachart.selectorLabels" (merge (dict "params" + (dict + "component" $relatedComponent + )) $context) | fromJson) }} +{{- end }} +{{- /* Return */}} +{{- $definition | toJson }} +{{- end }} diff --git a/charts/simple/templates/preprocess/_statefulsets.tpl b/charts/simple/templates/preprocess/_statefulsets.tpl new file mode 100644 index 0000000..080e1d0 --- /dev/null +++ b/charts/simple/templates/preprocess/_statefulsets.tpl @@ -0,0 +1,59 @@ +{{- define "metachart.preprocess.statefulsets" -}} +{{- /* Cleanup context from the function params */}} +{{- $params := $.params | deepCopy }} +{{- $context := omit $ "params" }} +{{- /* Get params */}} +{{- $definition := $params.definition }} +{{- $name := $params.name }} +{{- $component := $params.component }} +{{- /* Execution */}} +{{- /* Set spec.selector */}} +{{- $_ := set $definition.spec "selector" (dict "matchLabels" (include "metachart.selectorLabels" (merge (dict "params" + (dict + "component" $component + )) $context) | fromJson) ) }} +{{- /* Read pod definition */}} +{{- $pod := $definition.spec.pod | deepCopy }} +{{- $_ = unset $definition.spec "pod" }} +{{- /* Apply metadata */}} +{{- $_ = set $pod "metadata" (include "metachart.resourceMeta" (merge (dict "params" + (dict + "definition" $pod + "name" $name + "component" $component + "withName" false + )) $context) | fromJson) }} +{{- /* Apply pod defaults */}} +{{- $pod = include "metachart.setDefaults" (merge (dict "params" + (dict + "definition" $pod + "kind" "pods" + )) $context) | fromJson }} +{{- /* Set spec.template */}} +{{- $_ = set $definition.spec "template" (include "metachart.preprocess.pods" (merge (dict "params" + (dict + "definition" $pod + "name" $name + "component" $component + )) $context) | fromJson) +}} +{{- /* Set spec.volumeClaimTemplates */}} +{{- $volumeClaimTemplates := list }} +{{- range $volumeClaimTemplateName, $volumeClaimTemplate := (default $definition.spec.volumeClaimTemplates list) }} + {{- $persistentVolumeClaim := omit ($volumeClaimTemplate | deepCopy) "metadata" }} + {{- $volumeClaimTemplates = append $volumeClaimTemplates (dict + "metadata" (include "metachart.resourceMeta" (merge (dict "params" + (dict + "definition" . + "name" $volumeClaimTemplateName + "component" (printf "%s-%s" $component $volumeClaimTemplateName) + "withNameFullnamePrefix" false + )) $context) | fromJson + ) + "spec" $persistentVolumeClaim.spec + ) }} +{{- end }} +{{- $_ = set $definition.spec "volumeClaimTemplates" $volumeClaimTemplates }} +{{- /* Return */}} +{{- $definition | toJson }} +{{- end }} diff --git a/charts/simple/templates/resources.yaml b/charts/simple/templates/resources.yaml new file mode 100644 index 0000000..017a652 --- /dev/null +++ b/charts/simple/templates/resources.yaml @@ -0,0 +1 @@ +{{- include "metachart.renderAll" $ }} diff --git a/charts/simple/values.schema.full.json b/charts/simple/values.schema.full.json new file mode 100644 index 0000000..999cbe9 --- /dev/null +++ b/charts/simple/values.schema.full.json @@ -0,0 +1,11262 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": { + "com.coreos.monitoring.pkg.apis.monitoring.v1.AttachMetadata": { + "additionalProperties": false, + "properties": { + "node": { + "description": "When set to true, Prometheus must have permissions to get Nodes.", + "type": "boolean" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth": { + "additionalProperties": false, + "description": "BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints", + "properties": { + "password": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {}, + "description": "The secret in the service monitor namespace that contains the password for authentication." + }, + "username": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {}, + "description": "The secret in the service monitor namespace that contains the username for authentication." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.NamespaceSelector": { + "additionalProperties": false, + "description": "NamespaceSelector is a selector for selecting either all namespaces or a list of namespaces. If `any` is true, it takes precedence over `matchNames`. If `matchNames` is empty and `any` is false, it means that the objects are selected from the current namespace.", + "properties": { + "any": { + "description": "Boolean describing whether all namespaces are selected in contrast to a list restricting them.", + "type": "boolean" + }, + "matchNames": { + "description": "List of namespace names to select from.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2": { + "additionalProperties": false, + "description": "OAuth2 allows an endpoint to authenticate with OAuth2. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#oauth2", + "properties": { + "clientId": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "The secret or configmap containing the OAuth2 client id" + }, + "clientSecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {}, + "description": "The secret containing the OAuth2 client secret" + }, + "endpointParams": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Parameters to append to the token URL", + "type": "object" + }, + "scopes": { + "description": "OAuth2 scopes used for the token request", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "tokenUrl": { + "default": "", + "description": "The URL to fetch the token from", + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpoint": { + "additionalProperties": false, + "description": "PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics.", + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization", + "description": "Authorization section for this endpoint" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth", + "description": "BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint" + }, + "bearerTokenSecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {}, + "description": "Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the pod monitor and accessible by the Prometheus Operator." + }, + "enableHttp2": { + "description": "Whether to enable HTTP2.", + "type": "boolean" + }, + "filterRunning": { + "description": "Drop pods that are not running. (Failed, Succeeded). Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase", + "type": "boolean" + }, + "followRedirects": { + "description": "FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.", + "type": "boolean" + }, + "honorLabels": { + "description": "HonorLabels chooses the metric's labels on collisions with target labels.", + "type": "boolean" + }, + "honorTimestamps": { + "description": "HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.", + "type": "boolean" + }, + "interval": { + "description": "Interval at which metrics should be scraped If not specified Prometheus' global scrape interval is used.", + "type": "string" + }, + "metricRelabelings": { + "description": "MetricRelabelConfigs to apply to samples before ingestion.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2", + "description": "OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer." + }, + "params": { + "additionalProperties": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "description": "Optional HTTP URL parameters", + "type": "object" + }, + "path": { + "description": "HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. `/metrics`).", + "type": "string" + }, + "port": { + "description": "Name of the pod port this endpoint refers to. Mutually exclusive with targetPort.", + "type": "string" + }, + "proxyUrl": { + "description": "ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.", + "type": "string" + }, + "relabelings": { + "description": "RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "scheme": { + "description": "HTTP scheme to use for scraping.", + "type": "string" + }, + "scrapeTimeout": { + "description": "Timeout after which the scrape is ended If not specified, the Prometheus global scrape interval is used.", + "type": "string" + }, + "targetPort": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "Deprecated: Use 'port' instead." + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpointTLSConfig", + "description": "TLS configuration to use when scraping the endpoint." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpointTLSConfig": { + "additionalProperties": false, + "description": "PodMetricsEndpointTLSConfig specifies TLS configuration parameters.", + "properties": { + "ca": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "Struct containing the CA cert to use for the targets." + }, + "cert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "Struct containing the client cert file for the targets." + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "Secret containing the client key file for the targets." + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitorSpec": { + "additionalProperties": false, + "description": "PodMonitorSpec contains specification parameters for a PodMonitor.", + "properties": { + "attachMetadata": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AttachMetadata", + "description": "Attaches node metadata to discovered targets. Only valid for role: pod. Only valid in Prometheus versions 2.35.0 and newer." + }, + "jobLabel": { + "description": "The label to use to retrieve the job name from.", + "type": "string" + }, + "labelLimit": { + "description": "Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "labelNameLengthLimit": { + "description": "Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "labelValueLengthLimit": { + "description": "Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "namespaceSelector": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.NamespaceSelector", + "default": {}, + "description": "Selector to select which namespaces the Endpoints objects are discovered from." + }, + "podMetricsEndpoints": { + "description": "A list of endpoints allowed as part of this PodMonitor.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpoint", + "default": {} + }, + "type": "array" + }, + "podTargetLabels": { + "description": "PodTargetLabels transfers labels on the Kubernetes Pod onto the target.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "sampleLimit": { + "description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.", + "format": "int64", + "type": "integer" + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "default": {}, + "description": "Selector to select Pod objects." + }, + "targetLimit": { + "description": "TargetLimit defines a limit on the number of scraped targets that will be accepted.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "podMetricsEndpoints", + "selector" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRuleSpec": { + "additionalProperties": false, + "description": "PrometheusRuleSpec contains specification parameters for a Rule.", + "properties": { + "groups": { + "description": "Content of Prometheus rule file", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RuleGroup", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig": { + "additionalProperties": false, + "description": "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `\u003cmetric_relabel_configs\u003e`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs", + "properties": { + "action": { + "description": "Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus \u003e= 2.36.", + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched. Default is '(.*)'", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'", + "type": "string" + }, + "separator": { + "description": "Separator placed between concatenated source label values. default is ';'.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Rule": { + "additionalProperties": false, + "description": "Rule describes an alerting or recording rule See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules) rule", + "properties": { + "alert": { + "type": "string" + }, + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "expr": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "default": {} + }, + "for": { + "type": "string" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "record": { + "type": "string" + } + }, + "required": [ + "expr" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.RuleGroup": { + "additionalProperties": false, + "description": "RuleGroup is a list of sequentially evaluated recording and alerting rules. Note: PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances. Valid values for this field are 'warn' or 'abort'. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response", + "properties": { + "interval": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "partial_response_strategy": { + "type": "string" + }, + "rules": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Rule", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "name", + "rules" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization": { + "additionalProperties": false, + "description": "SafeAuthorization specifies a subset of the Authorization struct, that is safe for use in Endpoints (no CredentialsFile field)", + "properties": { + "credentials": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "The secret's key that contains the credentials of the request" + }, + "type": { + "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.SafeTLSConfig": { + "additionalProperties": false, + "description": "SafeTLSConfig specifies safe TLS configuration parameters.", + "properties": { + "ca": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "Struct containing the CA cert to use for the targets." + }, + "cert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {}, + "description": "Struct containing the client cert file for the targets." + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "Secret containing the client key file for the targets." + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap": { + "additionalProperties": false, + "description": "SecretOrConfigMap allows to specify data as a Secret or ConfigMap. Fields are mutually exclusive.", + "properties": { + "configMap": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapKeySelector", + "description": "ConfigMap containing data to use for the targets." + }, + "secret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "Secret containing data to use for the targets." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Sigv4": { + "additionalProperties": false, + "description": "Sigv4 optionally configures AWS's Signature Verification 4 signing process to sign requests. Cannot be set at the same time as basic_auth or authorization.", + "properties": { + "accessKey": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "AccessKey is the AWS API key. If blank, the environment variable `AWS_ACCESS_KEY_ID` is used." + }, + "profile": { + "description": "Profile is the named AWS profile used to authenticate.", + "type": "string" + }, + "region": { + "description": "Region is the AWS region. If blank, the region from the default credentials chain used.", + "type": "string" + }, + "roleArn": { + "description": "RoleArn is the named AWS profile used to authenticate.", + "type": "string" + }, + "secretKey": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "SecretKey is the AWS API secret. If blank, the environment variable `AWS_SECRET_ACCESS_KEY` is used." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfigSpec": { + "additionalProperties": false, + "description": "AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. By definition, the Alertmanager configuration only applies to alerts for which the `namespace` label is equal to the namespace of the AlertmanagerConfig resource.", + "properties": { + "inhibitRules": { + "description": "List of inhibition rules. The rules will only apply to alerts matching the resource's namespace.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.InhibitRule", + "default": {} + }, + "type": "array" + }, + "receivers": { + "description": "List of receivers.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Receiver", + "default": {} + }, + "type": "array" + }, + "route": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Route", + "description": "The Alertmanager route definition for alerts matching the resource's namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route." + }, + "timeIntervals": { + "description": "List of TimeInterval specifying when the routes should be muted or active.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeInterval", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.DayOfMonthRange": { + "additionalProperties": false, + "description": "DayOfMonthRange is an inclusive range of days of the month beginning at 1", + "properties": { + "end": { + "description": "End of the inclusive range", + "format": "int32", + "type": "integer" + }, + "start": { + "description": "Start of the inclusive range", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.EmailConfig": { + "additionalProperties": false, + "description": "EmailConfig configures notifications via Email.", + "properties": { + "authIdentity": { + "description": "The identity to use for authentication.", + "type": "string" + }, + "authPassword": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "authSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "authUsername": { + "description": "The username to use for authentication.", + "type": "string" + }, + "from": { + "description": "The sender address.", + "type": "string" + }, + "headers": { + "description": "Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "hello": { + "description": "The hostname to identify to the SMTP server.", + "type": "string" + }, + "html": { + "description": "The HTML body of the email notification.", + "type": "string" + }, + "requireTLS": { + "description": "The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints.", + "type": "boolean" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "smarthost": { + "description": "The SMTP host and port through which emails are sent. E.g. example.com:25", + "type": "string" + }, + "text": { + "description": "The text body of the email notification.", + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeTLSConfig", + "description": "TLS configuration" + }, + "to": { + "description": "The email address to send notifications to.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig": { + "additionalProperties": false, + "description": "HTTPConfig defines a client HTTP configuration. See https://prometheus.io/docs/alerting/latest/configuration/#http_config", + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization", + "description": "Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+." + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth", + "description": "BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence." + }, + "bearerTokenSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2", + "description": "OAuth2 client credentials used to fetch a token for the targets." + }, + "proxyURL": { + "description": "Optional proxy URL.", + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeTLSConfig", + "description": "TLS configuration for the client." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.InhibitRule": { + "additionalProperties": false, + "description": "InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule", + "properties": { + "equal": { + "description": "Labels that must have an equal value in the source and target alert for the inhibition to take effect.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "sourceMatch": { + "description": "Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource's namespace.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher", + "default": {} + }, + "type": "array" + }, + "targetMatch": { + "description": "Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource's namespace.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue": { + "additionalProperties": false, + "description": "KeyValue defines a (key, value) tuple.", + "properties": { + "key": { + "default": "", + "description": "Key of the tuple.", + "type": "string" + }, + "value": { + "default": "", + "description": "Value of the tuple.", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher": { + "additionalProperties": false, + "description": "Matcher defines how to match on alert's labels.", + "properties": { + "matchType": { + "description": "Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex match) or `!~` (not regex match). Negative operators (`!=` and `!~`) require Alertmanager \u003e= v0.22.0.", + "type": "string" + }, + "name": { + "default": "", + "description": "Label to match.", + "type": "string" + }, + "value": { + "default": "", + "description": "Label value to match.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfig": { + "additionalProperties": false, + "description": "OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config", + "properties": { + "actions": { + "description": "Comma separated list of actions that will be available for the alert.", + "type": "string" + }, + "apiKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "apiURL": { + "description": "The URL to send OpsGenie API requests to.", + "type": "string" + }, + "description": { + "description": "Description of the incident.", + "type": "string" + }, + "details": { + "description": "A set of arbitrary key/value pairs that provide further detail about the incident.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "entity": { + "description": "Optional field that can be used to specify which domain alert is related to.", + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "message": { + "description": "Alert text limited to 130 characters.", + "type": "string" + }, + "note": { + "description": "Additional alert note.", + "type": "string" + }, + "priority": { + "description": "Priority level of alert. Possible values are P1, P2, P3, P4, and P5.", + "type": "string" + }, + "responders": { + "description": "List of responders responsible for notifications.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfigResponder", + "default": {} + }, + "type": "array" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "source": { + "description": "Backlink to the sender of the notification.", + "type": "string" + }, + "tags": { + "description": "Comma separated list of tags attached to the notifications.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfigResponder": { + "additionalProperties": false, + "description": "OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined.", + "properties": { + "id": { + "description": "ID of the responder.", + "type": "string" + }, + "name": { + "description": "Name of the responder.", + "type": "string" + }, + "type": { + "default": "", + "description": "Type of responder.", + "type": "string" + }, + "username": { + "description": "Username of the responder.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyConfig": { + "additionalProperties": false, + "description": "PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config", + "properties": { + "class": { + "description": "The class/type of the event.", + "type": "string" + }, + "client": { + "description": "Client identification.", + "type": "string" + }, + "clientURL": { + "description": "Backlink to the sender of notification.", + "type": "string" + }, + "component": { + "description": "The part or component of the affected system that is broken.", + "type": "string" + }, + "description": { + "description": "Description of the incident.", + "type": "string" + }, + "details": { + "description": "Arbitrary key/value pairs that provide further detail about the incident.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "group": { + "description": "A cluster or grouping of sources.", + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "pagerDutyImageConfigs": { + "description": "A list of image details to attach that provide further detail about an incident.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyImageConfig", + "default": {} + }, + "type": "array" + }, + "pagerDutyLinkConfigs": { + "description": "A list of link details to attach that provide further detail about an incident.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyLinkConfig", + "default": {} + }, + "type": "array" + }, + "routingKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "serviceKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the PagerDuty service key (when using integration type \"Prometheus\"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "severity": { + "description": "Severity of the incident.", + "type": "string" + }, + "url": { + "description": "The URL to send requests to.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyImageConfig": { + "additionalProperties": false, + "description": "PagerDutyImageConfig attaches images to an incident", + "properties": { + "alt": { + "description": "Alt is the optional alternative text for the image.", + "type": "string" + }, + "href": { + "description": "Optional URL; makes the image a clickable link.", + "type": "string" + }, + "src": { + "description": "Src of the image being attached to the incident", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyLinkConfig": { + "additionalProperties": false, + "description": "PagerDutyLinkConfig attaches text links to an incident", + "properties": { + "alt": { + "description": "Text that describes the purpose of the link, and can be used as the link's text.", + "type": "string" + }, + "href": { + "description": "Href is the URL of the link to be attached", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PushoverConfig": { + "additionalProperties": false, + "description": "PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config", + "properties": { + "expire": { + "description": "How long your notification will continue to be retried for, unless the user acknowledges the notification.", + "type": "string" + }, + "html": { + "description": "Whether notification message is HTML or plain text.", + "type": "boolean" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "message": { + "description": "Notification message.", + "type": "string" + }, + "priority": { + "description": "Priority, see https://pushover.net/api#priority", + "type": "string" + }, + "retry": { + "description": "How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds.", + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "sound": { + "description": "The name of one of the sounds supported by device clients to override the user's default sound choice", + "type": "string" + }, + "title": { + "description": "Notification title.", + "type": "string" + }, + "token": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the registered application's API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "url": { + "description": "A supplementary URL shown alongside the message.", + "type": "string" + }, + "urlTitle": { + "description": "A title for supplementary URL, otherwise just the URL is shown", + "type": "string" + }, + "userKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the recipient user's user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Receiver": { + "additionalProperties": false, + "description": "Receiver defines one or more notification integrations.", + "properties": { + "emailConfigs": { + "description": "List of Email configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.EmailConfig", + "default": {} + }, + "type": "array" + }, + "name": { + "default": "", + "description": "Name of the receiver. Must be unique across all items from the list.", + "type": "string" + }, + "opsgenieConfigs": { + "description": "List of OpsGenie configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfig", + "default": {} + }, + "type": "array" + }, + "pagerdutyConfigs": { + "description": "List of PagerDuty configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyConfig", + "default": {} + }, + "type": "array" + }, + "pushoverConfigs": { + "description": "List of Pushover configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PushoverConfig", + "default": {} + }, + "type": "array" + }, + "slackConfigs": { + "description": "List of Slack configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfig", + "default": {} + }, + "type": "array" + }, + "snsConfigs": { + "description": "List of SNS configurations", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SNSConfig", + "default": {} + }, + "type": "array" + }, + "telegramConfigs": { + "description": "List of Telegram configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TelegramConfig", + "default": {} + }, + "type": "array" + }, + "victoropsConfigs": { + "description": "List of VictorOps configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.VictorOpsConfig", + "default": {} + }, + "type": "array" + }, + "webhookConfigs": { + "description": "List of webhook configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WebhookConfig", + "default": {} + }, + "type": "array" + }, + "wechatConfigs": { + "description": "List of WeChat configurations.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WeChatConfig", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Route": { + "additionalProperties": false, + "description": "Route defines a node in the routing tree.", + "properties": { + "continue": { + "description": "Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator.", + "type": "boolean" + }, + "groupBy": { + "description": "List of labels to group by. Labels must not be repeated (unique list). Special label \"...\" (aggregate by all possible labels), if provided, must be the only element in the list.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "groupInterval": { + "description": "How long to wait before sending an updated notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: \"5m\"", + "type": "string" + }, + "groupWait": { + "description": "How long to wait before sending the initial notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: \"30s\"", + "type": "string" + }, + "matchers": { + "description": "List of matchers that the alert's labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: \u003cobject namespace\u003e` matcher.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher", + "default": {} + }, + "type": "array" + }, + "muteTimeIntervals": { + "description": "Note: this comment applies to the field definition above but appears below otherwise it gets included in the generated manifest. CRD schema doesn't support self-referential types for now (see https://github.com/kubernetes/kubernetes/issues/62872). We have to use an alternative type to circumvent the limitation. The downside is that the Kube API can't validate the data beyond the fact that it is a valid JSON representation. MuteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched,", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "receiver": { + "default": "", + "description": "Name of the receiver for this route. If not empty, it should be listed in the `receivers` field.", + "type": "string" + }, + "repeatInterval": { + "description": "How long to wait before repeating the last notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: \"4h\"", + "type": "string" + }, + "routes": { + "description": "Child routes.", + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SNSConfig": { + "additionalProperties": false, + "description": "SNSConfig configures notifications via AWS SNS. See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs", + "properties": { + "apiURL": { + "description": "The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. If not specified, the SNS API URL from the SNS SDK will be used.", + "type": "string" + }, + "attributes": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "SNS message attributes.", + "type": "object" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "message": { + "description": "The message content of the SNS notification.", + "type": "string" + }, + "phoneNumber": { + "description": "Phone number if message is delivered via SMS in E.164 format. If you don't specify this value, you must specify a value for the TopicARN or TargetARN.", + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "sigv4": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Sigv4", + "description": "Configures AWS's Signature Verification 4 signing process to sign requests." + }, + "subject": { + "description": "Subject line when the message is delivered to email endpoints.", + "type": "string" + }, + "targetARN": { + "description": "The mobile platform endpoint ARN if message is delivered via mobile notifications. If you don't specify this value, you must specify a value for the topic_arn or PhoneNumber.", + "type": "string" + }, + "topicARN": { + "description": "SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic If you don't specify this value, you must specify a value for the PhoneNumber or TargetARN.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector": { + "additionalProperties": false, + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "default": "", + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "The name of the secret in the object's namespace to select from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackAction": { + "additionalProperties": false, + "description": "SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.", + "properties": { + "confirm": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfirmationField" + }, + "name": { + "type": "string" + }, + "style": { + "type": "string" + }, + "text": { + "default": "", + "type": "string" + }, + "type": { + "default": "", + "type": "string" + }, + "url": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "type", + "text" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfig": { + "additionalProperties": false, + "description": "SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config", + "properties": { + "actions": { + "description": "A list of Slack actions that are sent with each notification.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackAction", + "default": {} + }, + "type": "array" + }, + "apiURL": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "callbackId": { + "type": "string" + }, + "channel": { + "description": "The channel or user to send notifications to.", + "type": "string" + }, + "color": { + "type": "string" + }, + "fallback": { + "type": "string" + }, + "fields": { + "description": "A list of Slack fields that are sent with each notification.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackField", + "default": {} + }, + "type": "array" + }, + "footer": { + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "iconEmoji": { + "type": "string" + }, + "iconURL": { + "type": "string" + }, + "imageURL": { + "type": "string" + }, + "linkNames": { + "type": "boolean" + }, + "mrkdwnIn": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "pretext": { + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "shortFields": { + "type": "boolean" + }, + "text": { + "type": "string" + }, + "thumbURL": { + "type": "string" + }, + "title": { + "type": "string" + }, + "titleLink": { + "type": "string" + }, + "username": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfirmationField": { + "additionalProperties": false, + "description": "SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.", + "properties": { + "dismissText": { + "type": "string" + }, + "okText": { + "type": "string" + }, + "text": { + "default": "", + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackField": { + "additionalProperties": false, + "description": "SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information.", + "properties": { + "short": { + "type": "boolean" + }, + "title": { + "default": "", + "type": "string" + }, + "value": { + "default": "", + "type": "string" + } + }, + "required": [ + "title", + "value" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TelegramConfig": { + "additionalProperties": false, + "description": "TelegramConfig configures notifications via Telegram. See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config", + "properties": { + "apiURL": { + "description": "The Telegram API URL i.e. https://api.telegram.org. If not specified, default API URL will be used.", + "type": "string" + }, + "botToken": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "Telegram bot token The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "chatID": { + "description": "The Telegram chat ID.", + "format": "int64", + "type": "integer" + }, + "disableNotifications": { + "description": "Disable telegram notifications", + "type": "boolean" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "message": { + "description": "Message template", + "type": "string" + }, + "parseMode": { + "description": "Parse mode for telegram message", + "type": "string" + }, + "sendResolved": { + "description": "Whether to notify about resolved alerts.", + "type": "boolean" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeInterval": { + "additionalProperties": false, + "description": "TimeInterval specifies the periods in time when notifications will be muted or active.", + "properties": { + "name": { + "description": "Name of the time interval.", + "type": "string" + }, + "timeIntervals": { + "description": "TimeIntervals is a list of TimePeriod.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimePeriod", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimePeriod": { + "additionalProperties": false, + "description": "TimePeriod describes periods of time.", + "properties": { + "daysOfMonth": { + "description": "DaysOfMonth is a list of DayOfMonthRange", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.DayOfMonthRange", + "default": {} + }, + "type": "array" + }, + "months": { + "description": "Months is a list of MonthRange", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "times": { + "description": "Times is a list of TimeRange", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeRange", + "default": {} + }, + "type": "array" + }, + "weekdays": { + "description": "Weekdays is a list of WeekdayRange", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "years": { + "description": "Years is a list of YearRange", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeRange": { + "additionalProperties": false, + "description": "TimeRange defines a start and end time in 24hr format", + "properties": { + "endTime": { + "description": "EndTime is the end time in 24hr format.", + "type": "string" + }, + "startTime": { + "description": "StartTime is the start time in 24hr format.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.VictorOpsConfig": { + "additionalProperties": false, + "description": "VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config", + "properties": { + "apiKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "apiUrl": { + "description": "The VictorOps API URL.", + "type": "string" + }, + "customFields": { + "description": "Additional custom fields for notification.", + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "entityDisplayName": { + "description": "Contains summary of the alerted problem.", + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "The HTTP client's configuration." + }, + "messageType": { + "description": "Describes the behavior of the alert (CRITICAL, WARNING, INFO).", + "type": "string" + }, + "monitoringTool": { + "description": "The monitoring tool the state message is from.", + "type": "string" + }, + "routingKey": { + "default": "", + "description": "A key used to map the alert to a team.", + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "stateMessage": { + "description": "Contains long explanation of the alerted problem.", + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WeChatConfig": { + "additionalProperties": false, + "description": "WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config", + "properties": { + "agentID": { + "type": "string" + }, + "apiSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + }, + "apiURL": { + "description": "The WeChat API URL.", + "type": "string" + }, + "corpID": { + "description": "The corp id for authentication.", + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "message": { + "description": "API request data as defined by the WeChat API.", + "type": "string" + }, + "messageType": { + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "toParty": { + "type": "string" + }, + "toTag": { + "type": "string" + }, + "toUser": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WebhookConfig": { + "additionalProperties": false, + "description": "WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config", + "properties": { + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig", + "description": "HTTP client configuration." + }, + "maxAlerts": { + "description": "Maximum number of alerts to be sent per webhook message. When 0, all alerts are included.", + "format": "int32", + "type": "integer" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "url": { + "description": "The URL to send HTTP POST requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined.", + "type": "string" + }, + "urlSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector", + "description": "The secret's key that contains the webhook URL to send HTTP requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator." + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AWSAuth": { + "additionalProperties": false, + "description": "AWSAuth tells the controller how to do authentication with aws. Only one of secretRef or jwt can be specified. if none is specified the controller will load credentials using the aws sdk defaults.", + "properties": { + "jwt": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSJWTAuth" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSAuthSecretRef" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AWSAuthSecretRef": { + "additionalProperties": false, + "description": "AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.", + "properties": { + "accessKeyIDSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The AccessKeyID is used for authentication" + }, + "secretAccessKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The SecretAccessKey is used for authentication" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AWSJWTAuth": { + "additionalProperties": false, + "description": "Authenticate against AWS using service account tokens.", + "properties": { + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AWSProvider": { + "additionalProperties": false, + "description": "AWSProvider configures a store to sync secrets with AWS.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSAuth", + "default": {}, + "description": "Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + }, + "region": { + "default": "", + "description": "AWS Region to be used for the provider", + "type": "string" + }, + "role": { + "description": "Role is a Role ARN which the SecretManager provider will assume", + "type": "string" + }, + "service": { + "default": "", + "description": "Service defines which service should be used to fetch the secrets", + "type": "string" + } + }, + "required": [ + "service", + "region" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuth": { + "additionalProperties": false, + "properties": { + "kubernetesAuth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessKubernetesAuth", + "description": "Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource." + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuthSecretRef", + "default": {}, + "description": "Reference to a Secret that contains the details to authenticate with Akeyless." + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuthSecretRef": { + "additionalProperties": false, + "description": "AkeylessAuthSecretRef AKEYLESS_ACCESS_TYPE_PARAM: AZURE_OBJ_ID OR GCP_AUDIENCE OR ACCESS_KEY OR KUB_CONFIG_NAME.", + "properties": { + "accessID": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The SecretAccessID is used for authentication" + }, + "accessType": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "accessTypeParam": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessKubernetesAuth": { + "additionalProperties": false, + "description": "Authenticate with Kubernetes ServiceAccount token stored.", + "properties": { + "accessID": { + "default": "", + "description": "the Akeyless Kubernetes auth-method access-id", + "type": "string" + }, + "k8sConfName": { + "default": "", + "description": "Kubernetes-auth configuration name in Akeyless-Gateway", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "description": "Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used." + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "description": "Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead." + } + }, + "required": [ + "accessID", + "k8sConfName" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessProvider": { + "additionalProperties": false, + "description": "AkeylessProvider Configures an store to sync secrets using Akeyless KV.", + "properties": { + "akeylessGWApiURL": { + "description": "Akeyless GW API Url from which the secrets to be fetched from.", + "type": "string" + }, + "authSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuth", + "description": "Auth configures how the operator authenticates with Akeyless." + } + }, + "required": [ + "akeylessGWApiURL", + "authSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuth": { + "additionalProperties": false, + "description": "AlibabaAuth contains a secretRef for credentials.", + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuthSecretRef", + "default": {} + } + }, + "required": [ + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuthSecretRef": { + "additionalProperties": false, + "description": "AlibabaAuthSecretRef holds secret references for Alibaba credentials.", + "properties": { + "accessKeyIDSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The AccessKeyID is used for authentication" + }, + "accessKeySecretSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The AccessKeySecret is used for authentication" + } + }, + "required": [ + "accessKeyIDSecretRef", + "accessKeySecretSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AlibabaProvider": { + "additionalProperties": false, + "description": "AlibabaProvider configures a store to sync secrets using the Alibaba Secret Manager provider.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuth" + }, + "endpoint": { + "default": "", + "type": "string" + }, + "regionID": { + "default": "", + "description": "Alibaba Region to be used for the provider", + "type": "string" + } + }, + "required": [ + "auth", + "regionID" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AzureKVAuth": { + "additionalProperties": false, + "description": "Configuration used to authenticate with Azure.", + "properties": { + "clientId": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "description": "The Azure clientId of the service principle used for authentication." + }, + "clientSecret": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "description": "The Azure ClientSecret of the service principle used for authentication." + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AzureKVProvider": { + "additionalProperties": false, + "description": "Configures an store to sync secrets using Azure KV.", + "properties": { + "authSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AzureKVAuth", + "description": "Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type." + }, + "authType": { + "description": "Auth type defines how to authenticate to the keyvault service. Valid values are: - \"ServicePrincipal\" (default): Using a service principal (tenantId, clientId, clientSecret) - \"ManagedIdentity\": Using Managed Identity assigned to the pod (see aad-pod-identity)", + "type": "string" + }, + "environmentType": { + "description": "EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud", + "type": "string" + }, + "identityId": { + "description": "If multiple Managed Identity is assigned to the pod, you can select the one to be used", + "type": "string" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "description": "ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity." + }, + "tenantId": { + "description": "TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.", + "type": "string" + }, + "vaultUrl": { + "description": "Vault Url from which the secrets to be fetched from.", + "type": "string" + } + }, + "required": [ + "vaultUrl" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.CAProvider": { + "additionalProperties": false, + "description": "Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.", + "properties": { + "key": { + "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "type": "string" + }, + "name": { + "default": "", + "description": "The name of the object located at the provider type.", + "type": "string" + }, + "namespace": { + "description": "The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore.", + "type": "string" + }, + "type": { + "default": "", + "description": "The type of provider to use such as \"Secret\", or \"ConfigMap\".", + "type": "string" + } + }, + "required": [ + "type", + "name" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.CertAuth": { + "additionalProperties": false, + "properties": { + "clientCert": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "clientKey": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecretSpec": { + "additionalProperties": false, + "description": "ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret.", + "properties": { + "externalSecretName": { + "default": "", + "description": "The name of the external secrets to be created defaults to the name of the ClusterExternalSecret", + "type": "string" + }, + "externalSecretSpec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretSpec", + "default": {}, + "description": "The spec for the ExternalSecrets to be created" + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "default": {}, + "description": "The labels to select by to find the Namespaces to create the ExternalSecrets in." + }, + "refreshTime": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration", + "description": "The time in which the controller should reconcile it's objects and recheck namespaces for labels." + } + }, + "required": [ + "externalSecretSpec", + "namespaceSelector" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStoreCondition": { + "additionalProperties": false, + "description": "ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance.", + "properties": { + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "Choose namespace using a labelSelector" + }, + "namespaces": { + "description": "Choose namespaces by name", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuthSecretRef", + "default": {} + } + }, + "required": [ + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuthSecretRef": { + "additionalProperties": false, + "properties": { + "dopplerToken": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified." + } + }, + "required": [ + "dopplerToken" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.DopplerProvider": { + "additionalProperties": false, + "description": "DopplerProvider configures a store to sync secrets using the Doppler provider. Project and Config are required if not using a Service Token.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuth", + "description": "Auth configures how the Operator authenticates with the Doppler API" + }, + "config": { + "description": "Doppler config (required if not using a Service Token)", + "type": "string" + }, + "format": { + "description": "Format enables the downloading of secrets as a file (string)", + "type": "string" + }, + "nameTransformer": { + "description": "Environment variable compatible name transforms that change secret names to a different format", + "type": "string" + }, + "project": { + "description": "Doppler project (required if not using a Service Token)", + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretData": { + "additionalProperties": false, + "description": "ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.\u003ckey\u003e) and the Provider data.", + "properties": { + "remoteRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataRemoteRef", + "default": {} + }, + "secretKey": { + "default": "", + "type": "string" + } + }, + "required": [ + "secretKey", + "remoteRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataFromRemoteRef": { + "additionalProperties": false, + "properties": { + "extract": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataRemoteRef", + "description": "Used to extract multiple key/value pairs from one secret" + }, + "find": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretFind", + "description": "Used to find secrets based on tags or regular expressions" + }, + "rewrite": { + "description": "Used to rewrite secret Keys after getting them from the secret Provider Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)", + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewrite", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataRemoteRef": { + "additionalProperties": false, + "description": "ExternalSecretDataRemoteRef defines Provider data location.", + "properties": { + "conversionStrategy": { + "description": "Used to define a conversion Strategy", + "type": "string" + }, + "decodingStrategy": { + "description": "Used to define a decoding Strategy", + "type": "string" + }, + "key": { + "default": "", + "description": "Key is the key used in the Provider, mandatory", + "type": "string" + }, + "metadataPolicy": { + "description": "Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None", + "type": "string" + }, + "property": { + "description": "Used to select a specific property of the Provider value (if a map), if supported", + "type": "string" + }, + "version": { + "description": "Used to select a specific version of the Provider value, if supported", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretFind": { + "additionalProperties": false, + "properties": { + "conversionStrategy": { + "description": "Used to define a conversion Strategy", + "type": "string" + }, + "decodingStrategy": { + "description": "Used to define a decoding Strategy", + "type": "string" + }, + "name": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.FindName", + "description": "Finds secrets based on the name." + }, + "path": { + "description": "A root path to start the find operations.", + "type": "string" + }, + "tags": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Find secrets based on tags.", + "type": "object" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewrite": { + "additionalProperties": false, + "properties": { + "regexp": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewriteRegexp", + "description": "Used to rewrite with regular expressions. The resulting key will be the output of a regexp.ReplaceAll operation." + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewriteRegexp": { + "additionalProperties": false, + "properties": { + "source": { + "default": "", + "description": "Used to define the regular expression of a re.Compiler.", + "type": "string" + }, + "target": { + "default": "", + "description": "Used to define the target pattern of a ReplaceAll operation.", + "type": "string" + } + }, + "required": [ + "source", + "target" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretSpec": { + "additionalProperties": false, + "description": "ExternalSecretSpec defines the desired state of ExternalSecret.", + "properties": { + "data": { + "description": "Data defines the connection between the Kubernetes Secret keys and the Provider data", + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretData", + "default": {} + }, + "type": "array" + }, + "dataFrom": { + "description": "DataFrom is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order", + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataFromRemoteRef", + "default": {} + }, + "type": "array" + }, + "refreshInterval": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration", + "description": "RefreshInterval is the amount of time before the values are read again from the SecretStore provider Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\" May be set to zero to fetch and create it once. Defaults to 1h." + }, + "secretStoreRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRef", + "default": {} + }, + "target": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTarget", + "default": {} + } + }, + "required": [ + "secretStoreRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTarget": { + "additionalProperties": false, + "description": "ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.", + "properties": { + "creationPolicy": { + "description": "CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'", + "type": "string" + }, + "deletionPolicy": { + "description": "DeletionPolicy defines rules on how to delete the resulting Secret Defaults to 'Retain'", + "type": "string" + }, + "immutable": { + "description": "Immutable defines if the final secret will be immutable", + "type": "boolean" + }, + "name": { + "description": "Name defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource", + "type": "string" + }, + "template": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplate", + "description": "Template defines a blueprint for the created Secret resource." + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplate": { + "additionalProperties": false, + "description": "ExternalSecretTemplate defines a blueprint for the created Secret resource. we can not use native corev1.Secret, it will have empty ObjectMeta values: https://github.com/kubernetes-sigs/controller-tools/issues/448", + "properties": { + "data": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "engineVersion": { + "type": "string" + }, + "metadata": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplateMetadata", + "default": {} + }, + "templateFrom": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateFrom", + "default": {} + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplateMetadata": { + "additionalProperties": false, + "description": "ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.", + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.FakeProvider": { + "additionalProperties": false, + "description": "FakeProvider configures a fake provider that returns static values.", + "properties": { + "data": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.FakeProviderData", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.FakeProviderData": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string" + }, + "value": { + "type": "string" + }, + "valueMap": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.FindName": { + "additionalProperties": false, + "properties": { + "regexp": { + "description": "Finds secrets base", + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuthSecretRef" + }, + "workloadIdentity": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPWorkloadIdentity" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuthSecretRef": { + "additionalProperties": false, + "properties": { + "secretAccessKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The SecretAccessKey is used for authentication" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPSMProvider": { + "additionalProperties": false, + "description": "GCPSMProvider Configures a store to sync secrets using the GCP Secret Manager provider.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuth", + "default": {}, + "description": "Auth defines the information necessary to authenticate against GCP" + }, + "projectID": { + "description": "ProjectID project where secret is located", + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPWorkloadIdentity": { + "additionalProperties": false, + "properties": { + "clusterLocation": { + "default": "", + "type": "string" + }, + "clusterName": { + "default": "", + "type": "string" + }, + "clusterProjectID": { + "type": "string" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "default": {} + } + }, + "required": [ + "serviceAccountRef", + "clusterLocation", + "clusterName" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GitlabAuth": { + "additionalProperties": false, + "properties": { + "SecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GitlabSecretRef", + "default": {} + } + }, + "required": [ + "SecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GitlabProvider": { + "additionalProperties": false, + "description": "Configures a store to sync secrets with a GitLab instance.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GitlabAuth", + "default": {}, + "description": "Auth configures how secret-manager authenticates with a GitLab instance." + }, + "environment": { + "description": "Environment environment_scope of gitlab CI/CD variables (Please see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment on how to create environments)", + "type": "string" + }, + "projectID": { + "description": "ProjectID specifies a project where secrets are located.", + "type": "string" + }, + "url": { + "description": "URL configures the GitLab instance URL. Defaults to https://gitlab.com/.", + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GitlabSecretRef": { + "additionalProperties": false, + "properties": { + "accessToken": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "AccessToken is used for authentication." + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMAuth": { + "additionalProperties": false, + "properties": { + "containerAuth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthContainerAuth", + "default": {} + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthSecretRef", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthContainerAuth": { + "additionalProperties": false, + "description": "IBM Container-based auth with IAM Trusted Profile.", + "properties": { + "iamEndpoint": { + "type": "string" + }, + "profile": { + "default": "", + "description": "the IBM Trusted Profile", + "type": "string" + }, + "tokenLocation": { + "description": "Location the token is mounted on the pod", + "type": "string" + } + }, + "required": [ + "profile" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthSecretRef": { + "additionalProperties": false, + "properties": { + "secretApiKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The SecretAccessKey is used for authentication" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMProvider": { + "additionalProperties": false, + "description": "Configures an store to sync secrets using a IBM Cloud Secrets Manager backend.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMAuth", + "default": {}, + "description": "Auth configures how secret-manager authenticates with the IBM secrets manager." + }, + "serviceUrl": { + "description": "ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance", + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.KubernetesAuth": { + "additionalProperties": false, + "properties": { + "cert": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.CertAuth", + "description": "has both clientCert and clientKey as secretKeySelector" + }, + "serviceAccount": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "description": "points to a service account that should be used for authentication" + }, + "token": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TokenAuth", + "description": "use static token to authenticate with" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.KubernetesProvider": { + "additionalProperties": false, + "description": "Configures a store to sync secrets with a Kubernetes instance.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.KubernetesAuth", + "default": {}, + "description": "Auth configures how secret-manager authenticates with a Kubernetes instance." + }, + "remoteNamespace": { + "default": "", + "description": "Remote namespace to fetch the secrets from", + "type": "string" + }, + "server": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.KubernetesServer", + "default": {}, + "description": "configures the Kubernetes server Address." + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.KubernetesServer": { + "additionalProperties": false, + "properties": { + "caBundle": { + "description": "CABundle is a base64-encoded CA certificate", + "format": "byte", + "type": "string" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.CAProvider", + "description": "see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider" + }, + "url": { + "description": "configures the Kubernetes server Address.", + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuth": { + "additionalProperties": false, + "description": "OnePasswordAuth contains a secretRef for credentials.", + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuthSecretRef" + } + }, + "required": [ + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuthSecretRef": { + "additionalProperties": false, + "description": "OnePasswordAuthSecretRef holds secret references for 1Password credentials.", + "properties": { + "connectTokenSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The ConnectToken is used for authentication to a 1Password Connect Server." + } + }, + "required": [ + "connectTokenSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordProvider": { + "additionalProperties": false, + "description": "OnePasswordProvider configures a store to sync secrets using the 1Password Secret Manager provider.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuth", + "description": "Auth defines the information necessary to authenticate against OnePassword Connect Server" + }, + "connectHost": { + "default": "", + "description": "ConnectHost defines the OnePassword Connect Server to connect to", + "type": "string" + }, + "vaults": { + "additionalProperties": { + "default": 0, + "format": "int32", + "type": "integer" + }, + "description": "Vaults defines which OnePassword vaults to search in which order", + "type": "object" + } + }, + "required": [ + "auth", + "connectHost", + "vaults" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OracleAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OracleSecretRef", + "default": {}, + "description": "SecretRef to pass through sensitive information." + }, + "tenancy": { + "default": "", + "description": "Tenancy is the tenancy OCID where user is located.", + "type": "string" + }, + "user": { + "default": "", + "description": "User is an access OCID specific to the account.", + "type": "string" + } + }, + "required": [ + "tenancy", + "user", + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OracleProvider": { + "additionalProperties": false, + "description": "Configures an store to sync secrets using a Oracle Vault backend.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OracleAuth", + "description": "Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth." + }, + "region": { + "default": "", + "description": "Region is the region where vault is located.", + "type": "string" + }, + "vault": { + "default": "", + "description": "Vault is the vault's OCID of the specific vault where secret is located.", + "type": "string" + } + }, + "required": [ + "region", + "vault" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OracleSecretRef": { + "additionalProperties": false, + "properties": { + "fingerprint": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "Fingerprint is the fingerprint of the API private key." + }, + "privatekey": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "PrivateKey is the user's API Signing Key in PEM format, used for authentication." + } + }, + "required": [ + "privatekey", + "fingerprint" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreProvider": { + "additionalProperties": false, + "description": "SecretStoreProvider contains the provider-specific configuration.", + "properties": { + "akeyless": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessProvider", + "description": "Akeyless configures this store to sync secrets using Akeyless Vault provider" + }, + "alibaba": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AlibabaProvider", + "description": "Alibaba configures this store to sync secrets using Alibaba Cloud provider" + }, + "aws": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSProvider", + "description": "AWS configures this store to sync secrets using AWS Secret Manager provider" + }, + "azurekv": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AzureKVProvider", + "description": "AzureKV configures this store to sync secrets using Azure Key Vault provider" + }, + "doppler": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.DopplerProvider", + "description": "Doppler configures this store to sync secrets using the Doppler provider" + }, + "fake": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.FakeProvider", + "description": "Fake configures a store with static key/value pairs" + }, + "gcpsm": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPSMProvider", + "description": "GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider" + }, + "gitlab": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GitlabProvider", + "description": "Gitlab configures this store to sync secrets using Gitlab Variables provider" + }, + "ibm": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMProvider", + "description": "IBM configures this store to sync secrets using IBM Cloud provider" + }, + "kubernetes": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.KubernetesProvider", + "description": "Kubernetes configures this store to sync secrets using a Kubernetes cluster provider" + }, + "onepassword": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordProvider", + "description": "OnePassword configures this store to sync secrets using the 1Password Cloud provider" + }, + "oracle": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OracleProvider", + "description": "Oracle configures this store to sync secrets using Oracle Vault provider" + }, + "senhasegura": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraProvider", + "description": "Senhasegura configures this store to sync secrets using senhasegura provider" + }, + "vault": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultProvider", + "description": "Vault configures this store to sync secrets using Hashi provider" + }, + "webhook": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookProvider", + "description": "Webhook configures this store to sync secrets using a generic templated webhook" + }, + "yandexcertificatemanager": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerProvider", + "description": "YandexCertificateManager configures this store to sync secrets using Yandex Certificate Manager provider" + }, + "yandexlockbox": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxProvider", + "description": "YandexLockbox configures this store to sync secrets using Yandex Lockbox provider" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRef": { + "additionalProperties": false, + "description": "SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.", + "properties": { + "kind": { + "description": "Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the SecretStore resource", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRetrySettings": { + "additionalProperties": false, + "properties": { + "maxRetries": { + "format": "int32", + "type": "integer" + }, + "retryInterval": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreSpec": { + "additionalProperties": false, + "description": "SecretStoreSpec defines the desired state of SecretStore.", + "properties": { + "conditions": { + "description": "Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore", + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStoreCondition", + "default": {} + }, + "type": "array" + }, + "controller": { + "default": "", + "description": "Used to select the correct KES controller (think: ingress.ingressClassName) The KES controller is instantiated with a specific controller name and filters ES based on this property", + "type": "string" + }, + "provider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreProvider", + "description": "Used to configure the provider. Only one provider may be set" + }, + "refreshInterval": { + "default": 0, + "description": "Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.", + "format": "int32", + "type": "integer" + }, + "retrySettings": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRetrySettings", + "description": "Used to configure http retries if failed" + } + }, + "required": [ + "provider" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraAuth": { + "additionalProperties": false, + "description": "SenhaseguraAuth tells the controller how to do auth in senhasegura.", + "properties": { + "clientId": { + "default": "", + "type": "string" + }, + "clientSecretSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "clientId", + "clientSecretSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraProvider": { + "additionalProperties": false, + "description": "SenhaseguraProvider setup a store to sync secrets with senhasegura.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraAuth", + "default": {}, + "description": "Auth defines parameters to authenticate in senhasegura" + }, + "ignoreSslCertificate": { + "description": "IgnoreSslCertificate defines if SSL certificate must be ignored", + "type": "boolean" + }, + "module": { + "default": "", + "description": "Module defines which senhasegura module should be used to get secrets", + "type": "string" + }, + "url": { + "default": "", + "description": "URL of senhasegura", + "type": "string" + } + }, + "required": [ + "url", + "module", + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TemplateFrom": { + "additionalProperties": false, + "properties": { + "configMap": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateRef" + }, + "secret": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateRef" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TemplateRef": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateRefItem", + "default": {} + }, + "type": "array" + }, + "name": { + "default": "", + "type": "string" + } + }, + "required": [ + "name", + "items" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TemplateRefItem": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TokenAuth": { + "additionalProperties": false, + "properties": { + "bearerToken": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultAppRole": { + "additionalProperties": false, + "description": "VaultAppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.", + "properties": { + "path": { + "default": "", + "description": "Path where the App Role authentication backend is mounted in Vault, e.g: \"approle\"", + "type": "string" + }, + "roleId": { + "default": "", + "description": "RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret." + } + }, + "required": [ + "path", + "roleId", + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultAuth": { + "additionalProperties": false, + "description": "VaultAuth is the configuration used to authenticate with a Vault server. Only one of `tokenSecretRef`, `appRole`, `kubernetes`, `ldap`, `jwt` or `cert` can be specified.", + "properties": { + "appRole": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultAppRole", + "description": "AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource." + }, + "cert": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultCertAuth", + "description": "Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method" + }, + "jwt": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultJwtAuth", + "description": "Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method" + }, + "kubernetes": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesAuth", + "description": "Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server." + }, + "ldap": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultLdapAuth", + "description": "Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method" + }, + "tokenSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "description": "TokenSecretRef authenticates with Vault by presenting a token." + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultCertAuth": { + "additionalProperties": false, + "description": "VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication method, with the role name and token stored in a Kubernetes Secret resource.", + "properties": { + "clientCert": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "ClientCert is a certificate to authenticate using the Cert Vault authentication method" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultJwtAuth": { + "additionalProperties": false, + "description": "VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication method, with the role name and a token stored in a Kubernetes Secret resource or a Kubernetes service account token retrieved via `TokenRequest`.", + "properties": { + "kubernetesServiceAccountToken": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesServiceAccountTokenAuth", + "description": "Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API." + }, + "path": { + "default": "", + "description": "Path where the JWT authentication backend is mounted in Vault, e.g: \"jwt\"", + "type": "string" + }, + "role": { + "default": "", + "description": "Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "description": "Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method." + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesAuth": { + "additionalProperties": false, + "description": "Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.", + "properties": { + "mountPath": { + "default": "", + "description": "Path where the Kubernetes authentication backend is mounted in Vault, e.g: \"kubernetes\"", + "type": "string" + }, + "role": { + "default": "", + "description": "A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "description": "Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used." + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "description": "Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead." + } + }, + "required": [ + "mountPath", + "role" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesServiceAccountTokenAuth": { + "additionalProperties": false, + "description": "VaultKubernetesServiceAccountTokenAuth authenticates with Vault using a temporary Kubernetes service account token retrieved by the `TokenRequest` API.", + "properties": { + "audiences": { + "description": "Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "expirationSeconds": { + "description": "Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.", + "format": "int64", + "type": "integer" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "default": {}, + "description": "Service account field containing the name of a kubernetes ServiceAccount." + } + }, + "required": [ + "serviceAccountRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultLdapAuth": { + "additionalProperties": false, + "description": "VaultLdapAuth authenticates with Vault using the LDAP authentication method, with the username and password stored in a Kubernetes Secret resource.", + "properties": { + "path": { + "default": "", + "description": "Path where the LDAP authentication backend is mounted in Vault, e.g: \"ldap\"", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method" + }, + "username": { + "default": "", + "description": "Username is a LDAP user name used to authenticate using the LDAP Vault authentication method", + "type": "string" + } + }, + "required": [ + "path", + "username" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultProvider": { + "additionalProperties": false, + "description": "Configures an store to sync secrets using a HashiCorp Vault KV backend.", + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultAuth", + "default": {}, + "description": "Auth configures how secret-manager authenticates with the Vault server." + }, + "caBundle": { + "description": "PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.", + "format": "byte", + "type": "string" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.CAProvider", + "description": "The provider for the CA bundle to use to validate Vault server certificate." + }, + "forwardInconsistent": { + "description": "ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header", + "type": "boolean" + }, + "namespace": { + "description": "Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: \"ns1\". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces", + "type": "string" + }, + "path": { + "description": "Path is the mount path of the Vault KV backend endpoint, e.g: \"secret\". The v2 KV secret engine version specific \"/data\" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.", + "type": "string" + }, + "readYourWrites": { + "description": "ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency", + "type": "boolean" + }, + "server": { + "default": "", + "description": "Server is the connection address for the Vault server, e.g: \"https://vault.example.com:8200\".", + "type": "string" + }, + "version": { + "default": "", + "description": "Version is the Vault KV secret engine version. This can be either \"v1\" or \"v2\". Version defaults to \"v2\".", + "type": "string" + } + }, + "required": [ + "auth", + "server", + "version" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookCAProvider": { + "additionalProperties": false, + "description": "Defines a location to fetch the cert for the webhook provider from.", + "properties": { + "key": { + "description": "The key the value inside of the provider type to use, only used with \"Secret\" type", + "type": "string" + }, + "name": { + "default": "", + "description": "The name of the object located at the provider type.", + "type": "string" + }, + "namespace": { + "description": "The namespace the Provider type is in.", + "type": "string" + }, + "type": { + "default": "", + "description": "The type of provider to use such as \"Secret\", or \"ConfigMap\".", + "type": "string" + } + }, + "required": [ + "type", + "name" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookProvider": { + "additionalProperties": false, + "description": "AkeylessProvider Configures an store to sync secrets using Akeyless KV.", + "properties": { + "body": { + "description": "Body", + "type": "string" + }, + "caBundle": { + "description": "PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.", + "format": "byte", + "type": "string" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookCAProvider", + "description": "The provider for the CA bundle to use to validate webhook server certificate." + }, + "headers": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Headers", + "type": "object" + }, + "method": { + "description": "Webhook Method", + "type": "string" + }, + "result": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookResult", + "default": {}, + "description": "Result formatting" + }, + "secrets": { + "description": "Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name", + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookSecret", + "default": {} + }, + "type": "array" + }, + "timeout": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration", + "description": "Timeout" + }, + "url": { + "default": "", + "description": "Webhook url to call", + "type": "string" + } + }, + "required": [ + "url", + "result" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookResult": { + "additionalProperties": false, + "properties": { + "jsonPath": { + "description": "Json path of return value", + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookSecret": { + "additionalProperties": false, + "properties": { + "name": { + "default": "", + "description": "Name of this secret in templates", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "Secret ref to fill in credentials" + } + }, + "required": [ + "name", + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerAuth": { + "additionalProperties": false, + "properties": { + "authorizedKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The authorized key used for authentication" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerCAProvider": { + "additionalProperties": false, + "properties": { + "certSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerProvider": { + "additionalProperties": false, + "description": "YandexCertificateManagerProvider Configures a store to sync secrets using the Yandex Certificate Manager provider.", + "properties": { + "apiEndpoint": { + "description": "Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')", + "type": "string" + }, + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerAuth", + "default": {}, + "description": "Auth defines the information necessary to authenticate against Yandex Certificate Manager" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerCAProvider", + "description": "The provider for the CA bundle to use to validate Yandex.Cloud server certificate." + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxAuth": { + "additionalProperties": false, + "properties": { + "authorizedKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {}, + "description": "The authorized key used for authentication" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxCAProvider": { + "additionalProperties": false, + "properties": { + "certSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxProvider": { + "additionalProperties": false, + "description": "YandexLockboxProvider Configures a store to sync secrets using the Yandex Lockbox provider.", + "properties": { + "apiEndpoint": { + "description": "Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')", + "type": "string" + }, + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxAuth", + "default": {}, + "description": "Auth defines the information necessary to authenticate against Yandex Lockbox" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxCAProvider", + "description": "The provider for the CA bundle to use to validate Yandex.Cloud server certificate." + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.meta.v1.SecretKeySelector": { + "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.", + "properties": { + "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.", + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.meta.v1.ServiceAccountSelector": { + "additionalProperties": false, + "description": "A reference to a ServiceAccount resource.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "name": { + "default": "", + "description": "The name of the ServiceAccount resource being referred to.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.admissionregistration.v1.MutatingWebhook": { + "additionalProperties": false, + "description": "MutatingWebhook describes an admission webhook and the resources and operations it applies to.", + "properties": { + "admissionReviewVersions": { + "description": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.", + "items": { + "type": "string" + }, + "type": "array" + }, + "clientConfig": { + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.WebhookClientConfig", + "description": "ClientConfig defines how to communicate with the hook. Required" + }, + "failurePolicy": { + "description": "FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.", + "type": "string" + }, + "matchPolicy": { + "description": "matchPolicy defines how the \"rules\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.\n\nDefaults to \"Equivalent\"", + "type": "string" + }, + "name": { + "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.", + "type": "string" + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything." + }, + "objectSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything." + }, + "reinvocationPolicy": { + "description": "reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are \"Never\" and \"IfNeeded\".\n\nNever: the webhook will not be called more than once in a single admission evaluation.\n\nIfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.\n\nDefaults to \"Never\".", + "type": "string" + }, + "rules": { + "description": "Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.", + "items": { + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.RuleWithOperations" + }, + "type": "array" + }, + "sideEffects": { + "description": "SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.", + "type": "string" + }, + "timeoutSeconds": { + "description": "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "name", + "clientConfig", + "sideEffects", + "admissionReviewVersions" + ], + "type": "object" + }, + "io.k8s.api.admissionregistration.v1.RuleWithOperations": { + "additionalProperties": false, + "description": "RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.", + "properties": { + "apiGroups": { + "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "items": { + "type": "string" + }, + "type": "array" + }, + "apiVersions": { + "description": "APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.", + "items": { + "type": "string" + }, + "type": "array" + }, + "operations": { + "description": "Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.", + "items": { + "type": "string" + }, + "type": "array" + }, + "resources": { + "description": "Resources is a list of resources this rule applies to.\n\nFor example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not overlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed. Required.", + "items": { + "type": "string" + }, + "type": "array" + }, + "scope": { + "description": "scope specifies the scope of this rule. Valid values are \"Cluster\", \"Namespaced\", and \"*\" \"Cluster\" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. \"Namespaced\" means that only namespaced resources will match this rule. \"*\" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is \"*\".", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.admissionregistration.v1.ServiceReference": { + "additionalProperties": false, + "description": "ServiceReference holds a reference to Service.legacy.k8s.io", + "properties": { + "name": { + "description": "`name` is the name of the service. Required", + "type": "string" + }, + "namespace": { + "description": "`namespace` is the namespace of the service. Required", + "type": "string" + }, + "path": { + "description": "`path` is an optional URL path which will be sent in any request to this service.", + "type": "string" + }, + "port": { + "description": "If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "namespace", + "name" + ], + "type": "object" + }, + "io.k8s.api.admissionregistration.v1.ValidatingWebhook": { + "additionalProperties": false, + "description": "ValidatingWebhook describes an admission webhook and the resources and operations it applies to.", + "properties": { + "admissionReviewVersions": { + "description": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.", + "items": { + "type": "string" + }, + "type": "array" + }, + "clientConfig": { + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.WebhookClientConfig", + "description": "ClientConfig defines how to communicate with the hook. Required" + }, + "failurePolicy": { + "description": "FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.", + "type": "string" + }, + "matchPolicy": { + "description": "matchPolicy defines how the \"rules\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.\n\nDefaults to \"Equivalent\"", + "type": "string" + }, + "name": { + "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.", + "type": "string" + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything." + }, + "objectSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything." + }, + "rules": { + "description": "Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.", + "items": { + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.RuleWithOperations" + }, + "type": "array" + }, + "sideEffects": { + "description": "SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.", + "type": "string" + }, + "timeoutSeconds": { + "description": "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "name", + "clientConfig", + "sideEffects", + "admissionReviewVersions" + ], + "type": "object" + }, + "io.k8s.api.admissionregistration.v1.WebhookClientConfig": { + "additionalProperties": false, + "description": "WebhookClientConfig contains the information to make a TLS connection with the webhook", + "properties": { + "caBundle": { + "description": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.", + "format": "byte", + "type": "string" + }, + "service": { + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ServiceReference", + "description": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`." + }, + "url": { + "description": "`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.\n\nThe `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.apps.v1.DaemonSetUpdateStrategy": { + "additionalProperties": false, + "description": "DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet.", + "properties": { + "rollingUpdate": { + "$ref": "#/definitions/io.k8s.api.apps.v1.RollingUpdateDaemonSet", + "description": "Rolling update config params. Present only if type = \"RollingUpdate\"." + }, + "type": { + "description": "Type of daemon set update. Can be \"RollingUpdate\" or \"OnDelete\". Default is RollingUpdate.\n\n", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.apps.v1.DeploymentStrategy": { + "additionalProperties": false, + "description": "DeploymentStrategy describes how to replace existing pods with new ones.", + "properties": { + "rollingUpdate": { + "$ref": "#/definitions/io.k8s.api.apps.v1.RollingUpdateDeployment", + "description": "Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate." + }, + "type": { + "description": "Type of deployment. Can be \"Recreate\" or \"RollingUpdate\". Default is RollingUpdate.\n\n", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.apps.v1.RollingUpdateDaemonSet": { + "additionalProperties": false, + "description": "Spec to control the desired behavior of daemon set rolling update.", + "properties": { + "maxSurge": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption." + }, + "maxUnavailable": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update." + } + }, + "type": "object" + }, + "io.k8s.api.apps.v1.RollingUpdateDeployment": { + "additionalProperties": false, + "description": "Spec to control the desired behavior of rolling update.", + "properties": { + "maxSurge": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods." + }, + "maxUnavailable": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods." + } + }, + "type": "object" + }, + "io.k8s.api.apps.v1.RollingUpdateStatefulSetStrategy": { + "additionalProperties": false, + "description": "RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType.", + "properties": { + "maxUnavailable": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up. This can not be 0. Defaults to 1. This field is alpha-level and is only honored by servers that enable the MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it will be counted towards MaxUnavailable." + }, + "partition": { + "description": "Partition indicates the ordinal at which the StatefulSet should be partitioned for updates. During a rolling update, all pods from ordinal Replicas-1 to Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. This is helpful in being able to do a canary based deployment. The default value is 0.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "io.k8s.api.apps.v1.StatefulSetPersistentVolumeClaimRetentionPolicy": { + "additionalProperties": false, + "description": "StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs created from the StatefulSet VolumeClaimTemplates.", + "properties": { + "whenDeleted": { + "description": "WhenDeleted specifies what happens to PVCs created from StatefulSet VolumeClaimTemplates when the StatefulSet is deleted. The default policy of `Retain` causes PVCs to not be affected by StatefulSet deletion. The `Delete` policy causes those PVCs to be deleted.", + "type": "string" + }, + "whenScaled": { + "description": "WhenScaled specifies what happens to PVCs created from StatefulSet VolumeClaimTemplates when the StatefulSet is scaled down. The default policy of `Retain` causes PVCs to not be affected by a scaledown. The `Delete` policy causes the associated PVCs for any excess pods above the replica count to be deleted.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.apps.v1.StatefulSetUpdateStrategy": { + "additionalProperties": false, + "description": "StatefulSetUpdateStrategy indicates the strategy that the StatefulSet controller will use to perform updates. It includes any additional parameters necessary to perform the update for the indicated strategy.", + "properties": { + "rollingUpdate": { + "$ref": "#/definitions/io.k8s.api.apps.v1.RollingUpdateStatefulSetStrategy", + "description": "RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType." + }, + "type": { + "description": "Type indicates the type of the StatefulSetUpdateStrategy. Default is RollingUpdate.\n\n", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.autoscaling.v1.CrossVersionObjectReference": { + "additionalProperties": false, + "description": "CrossVersionObjectReference contains enough information to let you identify the referred resource.", + "properties": { + "apiVersion": { + "description": "API version of the referent", + "type": "string" + }, + "kind": { + "description": "Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\"", + "type": "string" + }, + "name": { + "description": "Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.autoscaling.v1.HorizontalPodAutoscalerSpec": { + "additionalProperties": false, + "description": "specification of a horizontal pod autoscaler.", + "properties": { + "maxReplicas": { + "description": "upper limit for the number of pods that can be set by the autoscaler; cannot be smaller than MinReplicas.", + "format": "int32", + "type": "integer" + }, + "minReplicas": { + "description": "minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available.", + "format": "int32", + "type": "integer" + }, + "scaleTargetRef": { + "$ref": "#/definitions/io.k8s.api.autoscaling.v1.CrossVersionObjectReference", + "description": "reference to scaled resource; horizontal pod autoscaler will learn the current resource consumption and will set the desired number of pods by using its Scale subresource." + }, + "targetCPUUtilizationPercentage": { + "description": "target average CPU utilization (represented as a percentage of requested CPU) over all the pods; if not specified the default autoscaling policy will be used.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "scaleTargetRef", + "maxReplicas" + ], + "type": "object" + }, + "io.k8s.api.batch.v1.PodFailurePolicy": { + "additionalProperties": false, + "description": "PodFailurePolicy describes how failed pods influence the backoffLimit.", + "properties": { + "rules": { + "description": "A list of pod failure policy rules. The rules are evaluated in order. Once a rule matches a Pod failure, the remaining of the rules are ignored. When no rule matches the Pod failure, the default handling applies - the counter of pod failures is incremented and it is checked against the backoffLimit. At most 20 elements are allowed.", + "items": { + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicyRule" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "rules" + ], + "type": "object" + }, + "io.k8s.api.batch.v1.PodFailurePolicyOnExitCodesRequirement": { + "additionalProperties": false, + "description": "PodFailurePolicyOnExitCodesRequirement describes the requirement for handling a failed pod based on its container exit codes. In particular, it lookups the .state.terminated.exitCode for each app container and init container status, represented by the .status.containerStatuses and .status.initContainerStatuses fields in the Pod status, respectively. Containers completed with success (exit code 0) are excluded from the requirement check.", + "properties": { + "containerName": { + "description": "Restricts the check for exit codes to the container with the specified name. When null, the rule applies to all containers. When specified, it should match one the container or initContainer names in the pod template.", + "type": "string" + }, + "operator": { + "description": "Represents the relationship between the container exit code(s) and the specified values. Containers completed with success (exit code 0) are excluded from the requirement check. Possible values are: - In: the requirement is satisfied if at least one container exit code\n (might be multiple if there are multiple containers not restricted\n by the 'containerName' field) is in the set of specified values.\n- NotIn: the requirement is satisfied if at least one container exit code\n (might be multiple if there are multiple containers not restricted\n by the 'containerName' field) is not in the set of specified values.\nAdditional values are considered to be added in the future. Clients should react to an unknown operator by assuming the requirement is not satisfied.\n\n", + "type": "string" + }, + "values": { + "description": "Specifies the set of values. Each returned container exit code (might be multiple in case of multiple containers) is checked against this set of values with respect to the operator. The list of values must be ordered and must not contain duplicates. Value '0' cannot be used for the In operator. At least one element is required. At most 255 elements are allowed.", + "items": { + "format": "int32", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "required": [ + "operator", + "values" + ], + "type": "object" + }, + "io.k8s.api.batch.v1.PodFailurePolicyOnPodConditionsPattern": { + "additionalProperties": false, + "description": "PodFailurePolicyOnPodConditionsPattern describes a pattern for matching an actual pod condition type.", + "properties": { + "status": { + "description": "Specifies the required Pod condition status. To match a pod condition it is required that the specified status equals the pod condition status. Defaults to True.", + "type": "string" + }, + "type": { + "description": "Specifies the required Pod condition type. To match a pod condition it is required that specified type equals the pod condition type.", + "type": "string" + } + }, + "required": [ + "type", + "status" + ], + "type": "object" + }, + "io.k8s.api.batch.v1.PodFailurePolicyRule": { + "additionalProperties": false, + "description": "PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of OnExitCodes and onPodConditions, but not both, can be used in each rule.", + "properties": { + "action": { + "description": "Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are: - FailJob: indicates that the pod's job is marked as Failed and all\n running pods are terminated.\n- Ignore: indicates that the counter towards the .backoffLimit is not\n incremented and a replacement pod is created.\n- Count: indicates that the pod is handled in the default way - the\n counter towards the .backoffLimit is incremented.\nAdditional values are considered to be added in the future. Clients should react to an unknown action by skipping the rule.\n\n", + "type": "string" + }, + "onExitCodes": { + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicyOnExitCodesRequirement", + "description": "Represents the requirement on the container exit codes." + }, + "onPodConditions": { + "description": "Represents the requirement on the pod conditions. The requirement is represented as a list of pod condition patterns. The requirement is satisfied if at least one pattern matches an actual pod condition. At most 20 elements are allowed.", + "items": { + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicyOnPodConditionsPattern" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "action", + "onPodConditions" + ], + "type": "object" + }, + "io.k8s.api.certificates.v1.CertificateSigningRequestSpec": { + "additionalProperties": false, + "description": "CertificateSigningRequestSpec contains the certificate request.", + "properties": { + "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the issued certificate. The certificate signer may issue a certificate with a different validity duration so a client must check the delta between the notBefore and and notAfter fields in the issued certificate to determine the actual duration.\n\nThe v1.22+ in-tree implementations of the well-known Kubernetes signers will honor this field as long as the requested duration is not greater than the maximum duration they will honor per the --cluster-signing-duration CLI flag to the Kubernetes controller manager.\n\nCertificate signers may not honor this field for various reasons:\n\n 1. Old signer that is unaware of the field (such as the in-tree\n implementations prior to v1.22)\n 2. Signer whose configured maximum is shorter than the requested duration\n 3. Signer whose configured minimum is longer than the requested duration\n\nThe minimum valid value for expirationSeconds is 600, i.e. 10 minutes.", + "format": "int32", + "type": "integer" + }, + "extra": { + "additionalProperties": { + "items": { + "type": "string" + }, + "type": "array" + }, + "description": "extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.", + "type": "object" + }, + "groups": { + "description": "groups contains group membership of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "request": { + "description": "request contains an x509 certificate signing request encoded in a \"CERTIFICATE REQUEST\" PEM block. When serialized as JSON or YAML, the data is additionally base64-encoded.", + "format": "byte", + "type": "string", + "x-kubernetes-list-type": "atomic" + }, + "signerName": { + "description": "signerName indicates the requested signer, and is a qualified name.\n\nList/watch requests for CertificateSigningRequests can filter on this field using a \"spec.signerName=NAME\" fieldSelector.\n\nWell-known Kubernetes signers are:\n 1. \"kubernetes.io/kube-apiserver-client\": issues client certificates that can be used to authenticate to kube-apiserver.\n Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the \"csrsigning\" controller in kube-controller-manager.\n 2. \"kubernetes.io/kube-apiserver-client-kubelet\": issues client certificates that kubelets use to authenticate to kube-apiserver.\n Requests for this signer can be auto-approved by the \"csrapproving\" controller in kube-controller-manager, and can be issued by the \"csrsigning\" controller in kube-controller-manager.\n 3. \"kubernetes.io/kubelet-serving\" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.\n Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the \"csrsigning\" controller in kube-controller-manager.\n\nMore details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers\n\nCustom signerNames can also be specified. The signer defines:\n 1. Trust distribution: how trust (CA bundles) are distributed.\n 2. Permitted subjects: and behavior when a disallowed subject is requested.\n 3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.\n 4. Required, permitted, or forbidden key usages / extended key usages.\n 5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.\n 6. Whether or not requests for CA certificates are allowed.", + "type": "string" + }, + "uid": { + "description": "uid contains the uid of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.", + "type": "string" + }, + "usages": { + "description": "usages specifies a set of key usages requested in the issued certificate.\n\nRequests for TLS client certificates typically request: \"digital signature\", \"key encipherment\", \"client auth\".\n\nRequests for TLS serving certificates typically request: \"key encipherment\", \"digital signature\", \"server auth\".\n\nValid values are:\n \"signing\", \"digital signature\", \"content commitment\",\n \"key encipherment\", \"key agreement\", \"data encipherment\",\n \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\",\n \"server auth\", \"client auth\",\n \"code signing\", \"email protection\", \"s/mime\",\n \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\",\n \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "username": { + "description": "username contains the name of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.", + "type": "string" + } + }, + "required": [ + "request", + "signerName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource": { + "additionalProperties": false, + "description": "Represents a Persistent Disk resource in AWS.\n\nAn AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Affinity": { + "additionalProperties": false, + "description": "Affinity is a group of affinity scheduling rules.", + "properties": { + "nodeAffinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeAffinity", + "description": "Describes node affinity scheduling rules for the pod." + }, + "podAffinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinity", + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." + }, + "podAntiAffinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAntiAffinity", + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.AzureDiskVolumeSource": { + "additionalProperties": false, + "description": "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", + "properties": { + "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", + "type": "string" + }, + "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", + "type": "string" + }, + "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", + "type": "string" + }, + "fsType": { + "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", + "type": "string" + }, + "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "io.k8s.api.core.v1.AzureFilePersistentVolumeSource": { + "additionalProperties": false, + "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", + "properties": { + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "type": "string" + }, + "secretNamespace": { + "description": "secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key default is the same as the Pod", + "type": "string" + }, + "shareName": { + "description": "shareName is the azure Share Name", + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.AzureFileVolumeSource": { + "additionalProperties": false, + "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", + "properties": { + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "type": "string" + }, + "shareName": { + "description": "shareName is the azure share Name", + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CSIPersistentVolumeSource": { + "additionalProperties": false, + "description": "Represents storage that is managed by an external CSI volume driver (Beta feature)", + "properties": { + "controllerExpandSecretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference", + "description": "controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This is an beta field and requires enabling ExpandCSIVolumes feature gate. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed." + }, + "controllerPublishSecretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference", + "description": "controllerPublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed." + }, + "driver": { + "description": "driver is the name of the driver to use for this volume. Required.", + "type": "string" + }, + "fsType": { + "description": "fsType to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\".", + "type": "string" + }, + "nodeExpandSecretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference", + "description": "nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This is an alpha field and requires enabling CSINodeExpandSecret feature gate. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed." + }, + "nodePublishSecretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference", + "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed." + }, + "nodeStageSecretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference", + "description": "nodeStageSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed." + }, + "readOnly": { + "description": "readOnly value to pass to ControllerPublishVolumeRequest. Defaults to false (read/write).", + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "description": "volumeAttributes of the volume to publish.", + "type": "object" + }, + "volumeHandle": { + "description": "volumeHandle is the unique volume name returned by the CSI volume plugin’s CreateVolume to refer to the volume on all subsequent calls. Required.", + "type": "string" + } + }, + "required": [ + "driver", + "volumeHandle" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CSIVolumeSource": { + "additionalProperties": false, + "description": "Represents a source location of a volume to mount, managed by an external CSI driver", + "properties": { + "driver": { + "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", + "type": "string" + }, + "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", + "type": "string" + }, + "nodePublishSecretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + }, + "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Capabilities": { + "additionalProperties": false, + "description": "Adds and removes POSIX capabilities from running containers.", + "properties": { + "add": { + "description": "Added capabilities", + "items": { + "type": "string" + }, + "type": "array" + }, + "drop": { + "description": "Removed capabilities", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.CephFSPersistentVolumeSource": { + "additionalProperties": false, + "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", + "properties": { + "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "items": { + "type": "string" + }, + "type": "array" + }, + "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", + "type": "string" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "boolean" + }, + "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference", + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + }, + "user": { + "description": "user is Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CephFSVolumeSource": { + "additionalProperties": false, + "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", + "properties": { + "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "items": { + "type": "string" + }, + "type": "array" + }, + "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", + "type": "string" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "boolean" + }, + "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + }, + "user": { + "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CinderPersistentVolumeSource": { + "additionalProperties": false, + "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference", + "description": "secretRef is Optional: points to a secret object containing parameters used to connect to OpenStack." + }, + "volumeID": { + "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CinderVolumeSource": { + "additionalProperties": false, + "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." + }, + "volumeID": { + "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ClientIPConfig": { + "additionalProperties": false, + "description": "ClientIPConfig represents the configurations of Client IP based session affinity.", + "properties": { + "timeoutSeconds": { + "description": "timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be \u003e0 \u0026\u0026 \u003c=86400(for 1 day) if ServiceAffinity == \"ClientIP\". Default value is 10800(for 3 hours).", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapEnvSource": { + "additionalProperties": false, + "description": "ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.\n\nThe contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.", + "properties": { + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapKeySelector": { + "additionalProperties": false, + "description": "Selects a key from a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ConfigMapProjection": { + "additionalProperties": false, + "description": "Adapts a ConfigMap into a projected volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapVolumeSource": { + "additionalProperties": false, + "description": "Adapts a ConfigMap into a volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.", + "properties": { + "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ContainerPort": { + "additionalProperties": false, + "description": "ContainerPort represents a network port in a single container.", + "properties": { + "containerPort": { + "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.", + "format": "int32", + "type": "integer" + }, + "hostIP": { + "description": "What host IP to bind the external port to.", + "type": "string" + }, + "hostPort": { + "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", + "type": "string" + }, + "protocol": { + "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".\n\n", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIProjection": { + "additionalProperties": false, + "description": "Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.", + "properties": { + "items": { + "description": "Items is a list of DownwardAPIVolume file", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeFile" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIVolumeFile": { + "additionalProperties": false, + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "properties": { + "fieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectFieldSelector", + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": "string" + }, + "resourceFieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceFieldSelector", + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIVolumeSource": { + "additionalProperties": false, + "description": "DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.", + "properties": { + "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "Items is a list of downward API volume file", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeFile" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EmptyDirVolumeSource": { + "additionalProperties": false, + "description": "Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.", + "properties": { + "medium": { + "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "type": "string" + }, + "sizeLimit": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EnvFromSource": { + "additionalProperties": false, + "description": "EnvFromSource represents the source of a set of ConfigMaps", + "properties": { + "configMapRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapEnvSource", + "description": "The ConfigMap to select from" + }, + "prefix": { + "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretEnvSource", + "description": "The Secret to select from" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EnvVar": { + "additionalProperties": false, + "description": "EnvVar represents an environment variable present in a Container.", + "properties": { + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", + "type": "string" + }, + "valueFrom": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVarSource", + "description": "Source for the environment variable's value. Cannot be used if value is not empty." + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.EnvVarSource": { + "additionalProperties": false, + "description": "EnvVarSource represents a source for the value of an EnvVar.", + "properties": { + "configMapKeyRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapKeySelector", + "description": "Selects a key of a ConfigMap." + }, + "fieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectFieldSelector", + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + }, + "resourceFieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceFieldSelector", + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + }, + "secretKeyRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "description": "Selects a key of a secret in the pod's namespace" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EphemeralContainer": { + "additionalProperties": false, + "description": "An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.", + "properties": { + "args": { + "description": "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array" + }, + "command": { + "description": "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array" + }, + "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvFromSource" + }, + "type": "array" + }, + "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\n", + "type": "string" + }, + "lifecycle": { + "$ref": "#/definitions/io.k8s.api.core.v1.Lifecycle", + "description": "Lifecycle is not allowed for ephemeral containers." + }, + "livenessProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe", + "description": "Probes are not allowed for ephemeral containers." + }, + "name": { + "description": "Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.", + "type": "string" + }, + "ports": { + "description": "Ports are not allowed for ephemeral containers.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerPort" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "containerPort", + "x-kubernetes-patch-strategy": "merge" + }, + "readinessProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe", + "description": "Probes are not allowed for ephemeral containers." + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements", + "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod." + }, + "securityContext": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext", + "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext." + }, + "startupProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe", + "description": "Probes are not allowed for ephemeral containers." + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + "type": "boolean" + }, + "targetContainerName": { + "description": "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined.", + "type": "string" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\n", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeDevice" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "devicePath", + "x-kubernetes-patch-strategy": "merge" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" + }, + "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.EphemeralVolumeSource": { + "additionalProperties": false, + "description": "Represents an ephemeral volume that is handled by a normal storage driver.", + "properties": { + "volumeClaimTemplate": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimTemplate", + "description": "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `\u003cpod name\u003e-\u003cvolume name\u003e` where `\u003cvolume name\u003e` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.\n\nRequired, must not be nil." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ExecAction": { + "additionalProperties": false, + "description": "ExecAction describes a \"run in container\" action.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.FCVolumeSource": { + "additionalProperties": false, + "description": "Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "lun": { + "description": "lun is Optional: FC target lun number", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", + "items": { + "type": "string" + }, + "type": "array" + }, + "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.FlexPersistentVolumeSource": { + "additionalProperties": false, + "description": "FlexPersistentVolumeSource represents a generic persistent volume resource that is provisioned/attached using an exec based plugin.", + "properties": { + "driver": { + "description": "driver is the name of the driver to use for this volume.", + "type": "string" + }, + "fsType": { + "description": "fsType is the Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "description": "options is Optional: this field holds extra command options if any.", + "type": "object" + }, + "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference", + "description": "secretRef is Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "io.k8s.api.core.v1.FlexVolumeSource": { + "additionalProperties": false, + "description": "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", + "properties": { + "driver": { + "description": "driver is the name of the driver to use for this volume.", + "type": "string" + }, + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "description": "options is Optional: this field holds extra command options if any.", + "type": "object" + }, + "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "io.k8s.api.core.v1.FlockerVolumeSource": { + "additionalProperties": false, + "description": "Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.", + "properties": { + "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated", + "type": "string" + }, + "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.GCEPersistentDiskVolumeSource": { + "additionalProperties": false, + "description": "Represents a Persistent Disk resource in Google Compute Engine.\n\nA GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "format": "int32", + "type": "integer" + }, + "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GRPCAction": { + "additionalProperties": false, + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GitRepoVolumeSource": { + "additionalProperties": false, + "description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", + "properties": { + "directory": { + "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", + "type": "string" + }, + "repository": { + "description": "repository is the URL", + "type": "string" + }, + "revision": { + "description": "revision is the commit hash for the specified revision.", + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GlusterfsPersistentVolumeSource": { + "additionalProperties": false, + "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", + "properties": { + "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "endpointsNamespace": { + "description": "endpointsNamespace is the namespace that contains Glusterfs endpoint. If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "path": { + "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GlusterfsVolumeSource": { + "additionalProperties": false, + "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", + "properties": { + "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "path": { + "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HTTPGetAction": { + "additionalProperties": false, + "description": "HTTPGetAction describes an action based on HTTP Get requests.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPHeader" + }, + "type": "array" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + }, + "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.\n\n", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HTTPHeader": { + "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HostAlias": { + "additionalProperties": false, + "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.", + "properties": { + "hostnames": { + "description": "Hostnames for the above IP address.", + "items": { + "type": "string" + }, + "type": "array" + }, + "ip": { + "description": "IP address of the host file entry.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.HostPathVolumeSource": { + "additionalProperties": false, + "description": "Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.", + "properties": { + "path": { + "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string" + }, + "type": { + "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ISCSIPersistentVolumeSource": { + "additionalProperties": false, + "description": "ISCSIPersistentVolumeSource represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", + "properties": { + "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", + "type": "boolean" + }, + "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", + "type": "boolean" + }, + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", + "type": "string" + }, + "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", + "type": "string" + }, + "iqn": { + "description": "iqn is Target iSCSI Qualified Name.", + "type": "string" + }, + "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", + "type": "string" + }, + "lun": { + "description": "lun is iSCSI Target Lun number.", + "format": "int32", + "type": "integer" + }, + "portals": { + "description": "portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "items": { + "type": "string" + }, + "type": "array" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference", + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication" + }, + "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "type": "string" + } + }, + "required": [ + "targetPortal", + "iqn", + "lun" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ISCSIVolumeSource": { + "additionalProperties": false, + "description": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", + "properties": { + "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", + "type": "boolean" + }, + "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", + "type": "boolean" + }, + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", + "type": "string" + }, + "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", + "type": "string" + }, + "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", + "type": "string" + }, + "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", + "type": "string" + }, + "lun": { + "description": "lun represents iSCSI Target Lun number.", + "format": "int32", + "type": "integer" + }, + "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "items": { + "type": "string" + }, + "type": "array" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication" + }, + "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "type": "string" + } + }, + "required": [ + "targetPortal", + "iqn", + "lun" + ], + "type": "object" + }, + "io.k8s.api.core.v1.KeyToPath": { + "additionalProperties": false, + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Lifecycle": { + "additionalProperties": false, + "description": "Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.", + "properties": { + "postStart": { + "$ref": "#/definitions/io.k8s.api.core.v1.LifecycleHandler", + "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + }, + "preStop": { + "$ref": "#/definitions/io.k8s.api.core.v1.LifecycleHandler", + "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.LifecycleHandler": { + "additionalProperties": false, + "description": "LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.", + "properties": { + "exec": { + "$ref": "#/definitions/io.k8s.api.core.v1.ExecAction", + "description": "Exec specifies the action to take." + }, + "httpGet": { + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPGetAction", + "description": "HTTPGet specifies the http request to perform." + }, + "tcpSocket": { + "$ref": "#/definitions/io.k8s.api.core.v1.TCPSocketAction", + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.LocalObjectReference": { + "additionalProperties": false, + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "properties": { + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.LocalVolumeSource": { + "additionalProperties": false, + "description": "Local represents directly-attached storage with node affinity (Beta feature)", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. It applies only when the Path is a block device. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default value is to auto-select a filesystem if unspecified.", + "type": "string" + }, + "path": { + "description": "path of the full path to the volume on the node. It can be either a directory or block device (disk, partition, ...).", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.NFSVolumeSource": { + "additionalProperties": false, + "description": "Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.", + "properties": { + "path": { + "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "boolean" + }, + "server": { + "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + } + }, + "required": [ + "server", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.NodeAffinity": { + "additionalProperties": false, + "description": "Node affinity is a group of node affinity scheduling rules.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PreferredSchedulingTerm" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelector", + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.NodeSelector": { + "additionalProperties": false, + "description": "A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorTerm" + }, + "type": "array" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.NodeSelectorRequirement": { + "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.\n\n", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "io.k8s.api.core.v1.NodeSelectorTerm": { + "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorRequirement" + }, + "type": "array" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorRequirement" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ObjectFieldSelector": { + "additionalProperties": false, + "description": "ObjectFieldSelector selects an APIVersioned field of an object.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ObjectReference": { + "additionalProperties": false, + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.PersistentVolumeClaim": { + "additionalProperties": false, + "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "enum": [ + "v1" + ], + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "enum": [ + "PersistentVolumeClaim" + ], + "type": "string" + }, + "metadata": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec", + "description": "spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + }, + "status": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimStatus", + "description": "status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.PersistentVolumeClaimCondition": { + "additionalProperties": false, + "description": "PersistentVolumeClaimCondition contails details about state of pvc", + "properties": { + "lastProbeTime": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", + "description": "lastProbeTime is the time we probed the condition." + }, + "lastTransitionTime": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", + "description": "lastTransitionTime is the time the condition transitioned from one status to another." + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"ResizeStarted\" that means the underlying persistent volume is being resized.", + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type", + "status" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimSpec": { + "additionalProperties": false, + "description": "PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "$ref": "#/definitions/io.k8s.api.core.v1.TypedLocalObjectReference", + "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + }, + "dataSourceRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.TypedLocalObjectReference", + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements", + "description": "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "selector is a label query over volumes to consider for binding." + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimStatus": { + "additionalProperties": false, + "description": "PersistentVolumeClaimStatus is the current status of a persistent volume claim.", + "properties": { + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array" + }, + "allocatedResources": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimCondition" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.\n\n", + "type": "string" + }, + "resizeStatus": { + "description": "resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimTemplate": { + "additionalProperties": false, + "description": "PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.", + "properties": { + "metadata": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", + "description": "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation." + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec", + "description": "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource": { + "additionalProperties": false, + "description": "PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeSpec": { + "additionalProperties": false, + "description": "PersistentVolumeSpec is the specification of a persistent volume.", + "properties": { + "accessModes": { + "description": "accessModes contains all ways the volume can be mounted. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes", + "items": { + "type": "string" + }, + "type": "array" + }, + "awsElasticBlockStore": { + "$ref": "#/definitions/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource", + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + }, + "azureDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.AzureDiskVolumeSource", + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + }, + "azureFile": { + "$ref": "#/definitions/io.k8s.api.core.v1.AzureFilePersistentVolumeSource", + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod." + }, + "capacity": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "capacity is the description of the persistent volume's resources and capacity. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity", + "type": "object" + }, + "cephfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.CephFSPersistentVolumeSource", + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + }, + "cinder": { + "$ref": "#/definitions/io.k8s.api.core.v1.CinderPersistentVolumeSource", + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + }, + "claimRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference", + "description": "claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding", + "x-kubernetes-map-type": "granular" + }, + "csi": { + "$ref": "#/definitions/io.k8s.api.core.v1.CSIPersistentVolumeSource", + "description": "csi represents storage that is handled by an external CSI driver (Beta feature)." + }, + "fc": { + "$ref": "#/definitions/io.k8s.api.core.v1.FCVolumeSource", + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + }, + "flexVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.FlexPersistentVolumeSource", + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + }, + "flocker": { + "$ref": "#/definitions/io.k8s.api.core.v1.FlockerVolumeSource", + "description": "flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running" + }, + "gcePersistentDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource", + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + }, + "glusterfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.GlusterfsPersistentVolumeSource", + "description": "glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + }, + "hostPath": { + "$ref": "#/definitions/io.k8s.api.core.v1.HostPathVolumeSource", + "description": "hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + }, + "iscsi": { + "$ref": "#/definitions/io.k8s.api.core.v1.ISCSIPersistentVolumeSource", + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin." + }, + "local": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalVolumeSource", + "description": "local represents directly-attached storage with node affinity" + }, + "mountOptions": { + "description": "mountOptions is the list of mount options, e.g. [\"ro\", \"soft\"]. Not validated - mount will simply fail if one is invalid. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options", + "items": { + "type": "string" + }, + "type": "array" + }, + "nfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.NFSVolumeSource", + "description": "nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + }, + "nodeAffinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeNodeAffinity", + "description": "nodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume." + }, + "persistentVolumeReclaimPolicy": { + "description": "persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. Valid options are Retain (default for manually created PersistentVolumes), Delete (default for dynamically provisioned PersistentVolumes), and Recycle (deprecated). Recycle must be supported by the volume plugin underlying this PersistentVolume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming\n\n", + "type": "string" + }, + "photonPersistentDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource", + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + }, + "portworxVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.PortworxVolumeSource", + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" + }, + "quobyte": { + "$ref": "#/definitions/io.k8s.api.core.v1.QuobyteVolumeSource", + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + }, + "rbd": { + "$ref": "#/definitions/io.k8s.api.core.v1.RBDPersistentVolumeSource", + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + }, + "scaleIO": { + "$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOPersistentVolumeSource", + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + }, + "storageClassName": { + "description": "storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value means that this volume does not belong to any StorageClass.", + "type": "string" + }, + "storageos": { + "$ref": "#/definitions/io.k8s.api.core.v1.StorageOSPersistentVolumeSource", + "description": "storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod More info: https://examples.k8s.io/volumes/storageos/README.md" + }, + "volumeMode": { + "description": "volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec.", + "type": "string" + }, + "vsphereVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource", + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource": { + "additionalProperties": false, + "description": "Represents a Photon Controller persistent disk resource.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodAffinity": { + "additionalProperties": false, + "description": "Pod affinity is a group of inter pod affinity scheduling rules.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.WeightedPodAffinityTerm" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodAffinityTerm": { + "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "properties": { + "labelSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "A label query over a set of resources, in this case pods." + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodAntiAffinity": { + "additionalProperties": false, + "description": "Pod anti affinity is a group of inter pod anti affinity scheduling rules.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.WeightedPodAffinityTerm" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodDNSConfig": { + "additionalProperties": false, + "description": "PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.", + "items": { + "type": "string" + }, + "type": "array" + }, + "options": { + "description": "A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodDNSConfigOption" + }, + "type": "array" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodDNSConfigOption": { + "additionalProperties": false, + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Required.", + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodOS": { + "additionalProperties": false, + "description": "PodOS defines the OS parameters of a pod.", + "properties": { + "name": { + "description": "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodReadinessGate": { + "additionalProperties": false, + "description": "PodReadinessGate contains the reference to a pod condition", + "properties": { + "conditionType": { + "description": "ConditionType refers to a condition in the pod's condition list with matching type.", + "type": "string" + } + }, + "required": [ + "conditionType" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodSecurityContext": { + "additionalProperties": false, + "description": "PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.", + "properties": { + "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.SELinuxOptions", + "description": "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + }, + "seccompProfile": { + "$ref": "#/definitions/io.k8s.api.core.v1.SeccompProfile", + "description": "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows." + }, + "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Sysctl" + }, + "type": "array" + }, + "windowsOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.WindowsSecurityContextOptions", + "description": "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PortworxVolumeSource": { + "additionalProperties": false, + "description": "PortworxVolumeSource represents a Portworx volume resource.", + "properties": { + "fsType": { + "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PreferredSchedulingTerm": { + "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorTerm", + "description": "A node selector term, associated with the corresponding weight." + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "weight", + "preference" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Probe": { + "additionalProperties": false, + "description": "Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.", + "properties": { + "exec": { + "$ref": "#/definitions/io.k8s.api.core.v1.ExecAction", + "description": "Exec specifies the action to take." + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "$ref": "#/definitions/io.k8s.api.core.v1.GRPCAction", + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate." + }, + "httpGet": { + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPGetAction", + "description": "HTTPGet specifies the http request to perform." + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "$ref": "#/definitions/io.k8s.api.core.v1.TCPSocketAction", + "description": "TCPSocket specifies an action involving a TCP port." + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ProjectedVolumeSource": { + "additionalProperties": false, + "description": "Represents a projected volume source", + "properties": { + "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "sources": { + "description": "sources is the list of volume projections", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeProjection" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.QuobyteVolumeSource": { + "additionalProperties": false, + "description": "Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.", + "properties": { + "group": { + "description": "group to map volume access to Default is no group", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", + "type": "boolean" + }, + "registry": { + "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", + "type": "string" + }, + "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", + "type": "string" + }, + "user": { + "description": "user to map volume access to Defaults to serivceaccount user", + "type": "string" + }, + "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" + }, + "io.k8s.api.core.v1.RBDPersistentVolumeSource": { + "additionalProperties": false, + "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + "type": "string" + }, + "image": { + "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "keyring": { + "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "monitors": { + "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "items": { + "type": "string" + }, + "type": "array" + }, + "pool": { + "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference", + "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + }, + "user": { + "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors", + "image" + ], + "type": "object" + }, + "io.k8s.api.core.v1.RBDVolumeSource": { + "additionalProperties": false, + "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + "type": "string" + }, + "image": { + "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "keyring": { + "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "monitors": { + "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "items": { + "type": "string" + }, + "type": "array" + }, + "pool": { + "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + }, + "user": { + "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors", + "image" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ResourceFieldSelector": { + "additionalProperties": false, + "description": "ResourceFieldSelector represents container resources (cpu, memory) and their output format", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity", + "description": "Specifies the output format of the exposed resources, defaults to \"1\"" + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ResourceRequirements": { + "additionalProperties": false, + "description": "ResourceRequirements describes the compute resource requirements.", + "properties": { + "limits": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SELinuxOptions": { + "additionalProperties": false, + "description": "SELinuxOptions are the labels to be applied to the container", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ScaleIOPersistentVolumeSource": { + "additionalProperties": false, + "description": "ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"", + "type": "string" + }, + "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", + "type": "string" + }, + "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference", + "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + }, + "sslEnabled": { + "description": "sslEnabled is the flag to enable/disable SSL communication with Gateway, default false", + "type": "boolean" + }, + "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", + "type": "string" + }, + "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "type": "string" + }, + "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", + "type": "string" + } + }, + "required": [ + "gateway", + "system", + "secretRef" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ScaleIOVolumeSource": { + "additionalProperties": false, + "description": "ScaleIOVolumeSource represents a persistent ScaleIO volume", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", + "type": "string" + }, + "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", + "type": "string" + }, + "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", + "type": "string" + }, + "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + }, + "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", + "type": "boolean" + }, + "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", + "type": "string" + }, + "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "type": "string" + }, + "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", + "type": "string" + } + }, + "required": [ + "gateway", + "system", + "secretRef" + ], + "type": "object" + }, + "io.k8s.api.core.v1.SeccompProfile": { + "additionalProperties": false, + "description": "SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied. Valid options are:\n\nLocalhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.\n\n", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "localhostProfile": "LocalhostProfile" + } + } + ] + }, + "io.k8s.api.core.v1.SecretEnvSource": { + "additionalProperties": false, + "description": "SecretEnvSource selects a Secret to populate the environment variables with.\n\nThe contents of the target Secret's Data field will represent the key-value pairs as environment variables.", + "properties": { + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecretKeySelector": { + "additionalProperties": false, + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.SecretProjection": { + "additionalProperties": false, + "description": "Adapts a secret into a projected volume.\n\nThe contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional field specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecretReference": { + "additionalProperties": false, + "description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.SecretVolumeSource": { + "additionalProperties": false, + "description": "Adapts a Secret into a volume.\n\nThe contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", + "properties": { + "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecurityContext": { + "additionalProperties": false, + "description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.", + "properties": { + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "capabilities": { + "$ref": "#/definitions/io.k8s.api.core.v1.Capabilities", + "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + }, + "privileged": { + "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.SELinuxOptions", + "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + }, + "seccompProfile": { + "$ref": "#/definitions/io.k8s.api.core.v1.SeccompProfile", + "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod \u0026 container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + }, + "windowsOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.WindowsSecurityContextOptions", + "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ServiceAccountTokenProjection": { + "additionalProperties": false, + "description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).", + "properties": { + "audience": { + "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", + "type": "string" + }, + "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", + "format": "int64", + "type": "integer" + }, + "path": { + "description": "path is the path relative to the mount point of the file to project the token into.", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ServicePort": { + "additionalProperties": false, + "description": "ServicePort contains information on service's port.", + "properties": { + "appProtocol": { + "description": "The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.", + "type": "string" + }, + "name": { + "description": "The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.", + "type": "string" + }, + "nodePort": { + "description": "The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport", + "format": "int32", + "type": "integer" + }, + "port": { + "description": "The port that will be exposed by this service.", + "format": "int32", + "type": "integer" + }, + "protocol": { + "description": "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\". Default is TCP.\n\n", + "type": "string" + }, + "targetPort": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ServiceSpec": { + "additionalProperties": false, + "description": "ServiceSpec describes the attributes that a user creates on a service.", + "properties": { + "allocateLoadBalancerNodePorts": { + "description": "allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is \"true\". It may be set to \"false\" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.", + "type": "boolean" + }, + "clusterIP": { + "description": "clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "type": "string" + }, + "clusterIPs": { + "description": "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "externalIPs": { + "description": "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.", + "items": { + "type": "string" + }, + "type": "array" + }, + "externalName": { + "description": "externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\".", + "type": "string" + }, + "externalTrafficPolicy": { + "description": "externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get \"Cluster\" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.\n\n", + "type": "string" + }, + "healthCheckNodePort": { + "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.", + "format": "int32", + "type": "integer" + }, + "internalTrafficPolicy": { + "description": "InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to \"Local\", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).", + "type": "string" + }, + "ipFamilies": { + "description": "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ipFamilyPolicy": { + "description": "IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be \"SingleStack\" (a single IP family), \"PreferDualStack\" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or \"RequireDualStack\" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.", + "type": "string" + }, + "loadBalancerClass": { + "description": "loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.", + "type": "string" + }, + "loadBalancerIP": { + "description": "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.", + "type": "string" + }, + "loadBalancerSourceRanges": { + "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/", + "items": { + "type": "string" + }, + "type": "array" + }, + "ports": { + "description": "The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.ServicePort" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "port", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "port", + "x-kubernetes-patch-strategy": "merge" + }, + "publishNotReadyAddresses": { + "description": "publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered \"ready\" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.", + "type": "boolean" + }, + "selector": { + "additionalProperties": { + "type": "string" + }, + "description": "Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionAffinity": { + "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies\n\n", + "type": "string" + }, + "sessionAffinityConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.SessionAffinityConfig", + "description": "sessionAffinityConfig contains the configurations of session affinity." + }, + "type": { + "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \"ExternalName\" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types\n\n", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SessionAffinityConfig": { + "additionalProperties": false, + "description": "SessionAffinityConfig represents the configurations of session affinity.", + "properties": { + "clientIP": { + "$ref": "#/definitions/io.k8s.api.core.v1.ClientIPConfig", + "description": "clientIP contains the configurations of Client IP based session affinity." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.StorageOSPersistentVolumeSource": { + "additionalProperties": false, + "description": "Represents a StorageOS persistent volume resource.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference", + "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + }, + "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", + "type": "string" + }, + "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.StorageOSVolumeSource": { + "additionalProperties": false, + "description": "Represents a StorageOS persistent volume resource.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + }, + "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", + "type": "string" + }, + "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.Sysctl": { + "additionalProperties": false, + "description": "Sysctl defines a kernel parameter to be set", + "properties": { + "name": { + "description": "Name of a property to set", + "type": "string" + }, + "value": { + "description": "Value of a property to set", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "io.k8s.api.core.v1.TCPSocketAction": { + "additionalProperties": false, + "description": "TCPSocketAction describes an action based on opening a socket", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Toleration": { + "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n\n", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.\n\n", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.TopologySelectorLabelRequirement": { + "additionalProperties": false, + "description": "A topology selector requirement is a selector that matches given label. This is an alpha feature and may change in the future.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "values": { + "description": "An array of string values. One value must match the label to be selected. Each entry in Values is ORed.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "values" + ], + "type": "object" + }, + "io.k8s.api.core.v1.TopologySelectorTerm": { + "additionalProperties": false, + "description": "A topology selector term represents the result of label queries. A null or empty topology selector term matches no objects. The requirements of them are ANDed. It provides a subset of functionality as NodeSelectorTerm. This is an alpha feature and may change in the future.", + "properties": { + "matchLabelExpressions": { + "description": "A list of topology selector requirements by labels.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySelectorLabelRequirement" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.TopologySpreadConstraint": { + "additionalProperties": false, + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "properties": { + "labelSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain." + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "type": "string" + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.\n\n", + "type": "string" + } + }, + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "type": "object" + }, + "io.k8s.api.core.v1.TypedLocalObjectReference": { + "additionalProperties": false, + "description": "TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.Volume": { + "additionalProperties": false, + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", + "properties": { + "awsElasticBlockStore": { + "$ref": "#/definitions/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource", + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + }, + "azureDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.AzureDiskVolumeSource", + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + }, + "azureFile": { + "$ref": "#/definitions/io.k8s.api.core.v1.AzureFileVolumeSource", + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod." + }, + "cephfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.CephFSVolumeSource", + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + }, + "cinder": { + "$ref": "#/definitions/io.k8s.api.core.v1.CinderVolumeSource", + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + }, + "configMap": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapVolumeSource", + "description": "configMap represents a configMap that should populate this volume" + }, + "csi": { + "$ref": "#/definitions/io.k8s.api.core.v1.CSIVolumeSource", + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + }, + "downwardAPI": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeSource", + "description": "downwardAPI represents downward API about the pod that should populate this volume" + }, + "emptyDir": { + "$ref": "#/definitions/io.k8s.api.core.v1.EmptyDirVolumeSource", + "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + }, + "ephemeral": { + "$ref": "#/definitions/io.k8s.api.core.v1.EphemeralVolumeSource", + "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time." + }, + "fc": { + "$ref": "#/definitions/io.k8s.api.core.v1.FCVolumeSource", + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + }, + "flexVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.FlexVolumeSource", + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + }, + "flocker": { + "$ref": "#/definitions/io.k8s.api.core.v1.FlockerVolumeSource", + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + }, + "gcePersistentDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource", + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + }, + "gitRepo": { + "$ref": "#/definitions/io.k8s.api.core.v1.GitRepoVolumeSource", + "description": "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + }, + "glusterfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.GlusterfsVolumeSource", + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + }, + "hostPath": { + "$ref": "#/definitions/io.k8s.api.core.v1.HostPathVolumeSource", + "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + }, + "iscsi": { + "$ref": "#/definitions/io.k8s.api.core.v1.ISCSIVolumeSource", + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" + }, + "name": { + "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "nfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.NFSVolumeSource", + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + }, + "persistentVolumeClaim": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource", + "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + }, + "photonPersistentDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource", + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + }, + "portworxVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.PortworxVolumeSource", + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" + }, + "projected": { + "$ref": "#/definitions/io.k8s.api.core.v1.ProjectedVolumeSource", + "description": "projected items for all in one resources secrets, configmaps, and downward API" + }, + "quobyte": { + "$ref": "#/definitions/io.k8s.api.core.v1.QuobyteVolumeSource", + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + }, + "rbd": { + "$ref": "#/definitions/io.k8s.api.core.v1.RBDVolumeSource", + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + }, + "scaleIO": { + "$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOVolumeSource", + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + }, + "secret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretVolumeSource", + "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + }, + "storageos": { + "$ref": "#/definitions/io.k8s.api.core.v1.StorageOSVolumeSource", + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + }, + "vsphereVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource", + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeDevice": { + "additionalProperties": false, + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "properties": { + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", + "type": "string" + }, + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", + "type": "string" + } + }, + "required": [ + "name", + "devicePath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeMount": { + "additionalProperties": false, + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + "type": "boolean" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } + }, + "required": [ + "name", + "mountPath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeNodeAffinity": { + "additionalProperties": false, + "description": "VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from.", + "properties": { + "required": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelector", + "description": "required specifies hard node constraints that must be met." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.VolumeProjection": { + "additionalProperties": false, + "description": "Projection that may be projected along with other supported volume types", + "properties": { + "configMap": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapProjection", + "description": "configMap information about the configMap data to project" + }, + "downwardAPI": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIProjection", + "description": "downwardAPI information about the downwardAPI data to project" + }, + "secret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretProjection", + "description": "secret information about the secret data to project" + }, + "serviceAccountToken": { + "$ref": "#/definitions/io.k8s.api.core.v1.ServiceAccountTokenProjection", + "description": "serviceAccountToken is information about the serviceAccountToken data to project" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource": { + "additionalProperties": false, + "description": "Represents a vSphere volume resource.", + "properties": { + "fsType": { + "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", + "type": "string" + }, + "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", + "type": "string" + }, + "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", + "type": "string" + } + }, + "required": [ + "volumePath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.WeightedPodAffinityTerm": { + "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm", + "description": "Required. A pod affinity term, associated with the corresponding weight." + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "weight", + "podAffinityTerm" + ], + "type": "object" + }, + "io.k8s.api.core.v1.WindowsSecurityContextOptions": { + "additionalProperties": false, + "description": "WindowsSecurityContextOptions contain Windows-specific options and credentials.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.HTTPIngressPath": { + "additionalProperties": false, + "description": "HTTPIngressPath associates a path with a backend. Incoming urls matching the path are forwarded to the backend.", + "properties": { + "backend": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressBackend", + "description": "Backend defines the referenced service endpoint to which the traffic will be forwarded to." + }, + "path": { + "description": "Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value \"Exact\" or \"Prefix\".", + "type": "string" + }, + "pathType": { + "description": "PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is\n done on a path element by element basis. A path element refers is the\n list of labels in the path split by the '/' separator. A request is a\n match for path p if every p is an element-wise prefix of p of the\n request path. Note that if the last element of the path is a substring\n of the last element in request path, it is not a match (e.g. /foo/bar\n matches /foo/bar/baz, but does not match /foo/barbaz).\n* ImplementationSpecific: Interpretation of the Path matching is up to\n the IngressClass. Implementations can treat this as a separate PathType\n or treat it identically to Prefix or Exact path types.\nImplementations are required to support all path types.", + "type": "string" + } + }, + "required": [ + "pathType", + "backend" + ], + "type": "object" + }, + "io.k8s.api.networking.v1.HTTPIngressRuleValue": { + "additionalProperties": false, + "description": "HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http://\u003chost\u003e/\u003cpath\u003e?\u003csearchpart\u003e -\u003e backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'.", + "properties": { + "paths": { + "description": "A collection of paths that map requests to backends.", + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.HTTPIngressPath" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "paths" + ], + "type": "object" + }, + "io.k8s.api.networking.v1.IPBlock": { + "additionalProperties": false, + "description": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\",\"2001:db9::/64\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.", + "properties": { + "cidr": { + "description": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\"", + "type": "string" + }, + "except": { + "description": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\" Except values will be rejected if they are outside the CIDR range", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "cidr" + ], + "type": "object" + }, + "io.k8s.api.networking.v1.IngressBackend": { + "additionalProperties": false, + "description": "IngressBackend describes all endpoints for a given service and port.", + "properties": { + "resource": { + "$ref": "#/definitions/io.k8s.api.core.v1.TypedLocalObjectReference", + "description": "Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with \"Service\"." + }, + "service": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressServiceBackend", + "description": "Service references a Service as a Backend. This is a mutually exclusive setting with \"Resource\"." + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.IngressClassParametersReference": { + "additionalProperties": false, + "description": "IngressClassParametersReference identifies an API object. This can be used to specify a cluster or namespace-scoped resource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced.", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced.", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the resource being referenced. This field is required when scope is set to \"Namespace\" and must be unset when scope is set to \"Cluster\".", + "type": "string" + }, + "scope": { + "description": "Scope represents if this refers to a cluster or namespace scoped resource. This may be set to \"Cluster\" (default) or \"Namespace\".", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "io.k8s.api.networking.v1.IngressClassSpec": { + "additionalProperties": false, + "description": "IngressClassSpec provides information about the class of an Ingress.", + "properties": { + "controller": { + "description": "Controller refers to the name of the controller that should handle this class. This allows for different \"flavors\" that are controlled by the same controller. For example, you may have different Parameters for the same implementing controller. This should be specified as a domain-prefixed path no more than 250 characters in length, e.g. \"acme.io/ingress-controller\". This field is immutable.", + "type": "string" + }, + "parameters": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClassParametersReference", + "description": "Parameters is a link to a custom resource containing additional configuration for the controller. This is optional if the controller does not require extra parameters." + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.IngressRule": { + "additionalProperties": false, + "description": "IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue.", + "properties": { + "host": { + "description": "Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the \"host\" part of the URI as defined in RFC 3986: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to\n the IP in the Spec of the parent Ingress.\n2. The `:` delimiter is not respected because ports are not allowed.\n\t Currently the port of an Ingress is implicitly :80 for http and\n\t :443 for https.\nBoth these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue.\n\nHost can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. \"*.foo.com\"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\"). Requests will be matched against the Host field in the following way: 1. If Host is precise, the request matches this rule if the http host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule.", + "type": "string" + }, + "http": { + "$ref": "#/definitions/io.k8s.api.networking.v1.HTTPIngressRuleValue" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.IngressServiceBackend": { + "additionalProperties": false, + "description": "IngressServiceBackend references a Kubernetes Service as a Backend.", + "properties": { + "name": { + "description": "Name is the referenced service. The service must exist in the same namespace as the Ingress object.", + "type": "string" + }, + "port": { + "$ref": "#/definitions/io.k8s.api.networking.v1.ServiceBackendPort", + "description": "Port of the referenced service. A port name or port number is required for a IngressServiceBackend." + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.networking.v1.IngressSpec": { + "additionalProperties": false, + "description": "IngressSpec describes the Ingress the user wishes to exist.", + "properties": { + "defaultBackend": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressBackend", + "description": "DefaultBackend is the backend that should handle requests that don't match any rule. If Rules are not specified, DefaultBackend must be specified. If DefaultBackend is not set, the handling of requests that do not match any of the rules will be up to the Ingress controller." + }, + "ingressClassName": { + "description": "IngressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource, by a transitive connection (controller -\u003e IngressClass -\u003e Ingress resource). Although the `kubernetes.io/ingress.class` annotation (simple constant name) was never formally defined, it was widely supported by Ingress controllers to create a direct binding between Ingress controller and Ingress resources. Newly created Ingress resources should prefer using the field. However, even though the annotation is officially deprecated, for backwards compatibility reasons, ingress controllers should still honor that annotation if present.", + "type": "string" + }, + "rules": { + "description": "A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend.", + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressRule" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "tls": { + "description": "TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.", + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressTLS" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.IngressTLS": { + "additionalProperties": false, + "description": "IngressTLS describes the transport layer security associated with an Ingress.", + "properties": { + "hosts": { + "description": "Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "secretName": { + "description": "SecretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the \"Host\" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.NetworkPolicyEgressRule": { + "additionalProperties": false, + "description": "NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8", + "properties": { + "ports": { + "description": "List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyPort" + }, + "type": "array" + }, + "to": { + "description": "List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.", + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyPeer" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.NetworkPolicyIngressRule": { + "additionalProperties": false, + "description": "NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from.", + "properties": { + "from": { + "description": "List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.", + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyPeer" + }, + "type": "array" + }, + "ports": { + "description": "List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyPort" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.NetworkPolicyPeer": { + "additionalProperties": false, + "description": "NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of fields are allowed", + "properties": { + "ipBlock": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IPBlock", + "description": "IPBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be." + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.\n\nIf PodSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector." + }, + "podSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods.\n\nIf NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the Pods matching PodSelector in the policy's own Namespace." + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.NetworkPolicyPort": { + "additionalProperties": false, + "description": "NetworkPolicyPort describes a port to allow traffic on", + "properties": { + "endPort": { + "description": "If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.", + "format": "int32", + "type": "integer" + }, + "port": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "The port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched." + }, + "protocol": { + "description": "The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.NetworkPolicySpec": { + "additionalProperties": false, + "description": "NetworkPolicySpec provides the specification of a NetworkPolicy", + "properties": { + "egress": { + "description": "List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8", + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyEgressRule" + }, + "type": "array" + }, + "ingress": { + "description": "List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)", + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyIngressRule" + }, + "type": "array" + }, + "podSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "Selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace." + }, + "policyTypes": { + "description": "List of rule types that the NetworkPolicy relates to. Valid options are [\"Ingress\"], [\"Egress\"], or [\"Ingress\", \"Egress\"]. If this field is not specified, it will default based on the existence of Ingress or Egress rules; policies that contain an Egress section are assumed to affect Egress, and all policies (whether or not they contain an Ingress section) are assumed to affect Ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ \"Egress\" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include \"Egress\" (since such a policy would not include an Egress section and would otherwise default to just [ \"Ingress\" ]). This field is beta-level in 1.8", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "podSelector" + ], + "type": "object" + }, + "io.k8s.api.networking.v1.ServiceBackendPort": { + "additionalProperties": false, + "description": "ServiceBackendPort is the service port being referenced.", + "properties": { + "name": { + "description": "Name is the name of the port on the Service. This is a mutually exclusive setting with \"Number\".", + "type": "string" + }, + "number": { + "description": "Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with \"Name\".", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "io.k8s.api.policy.v1.PodDisruptionBudgetSpec": { + "additionalProperties": false, + "description": "PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.", + "properties": { + "maxUnavailable": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "An eviction is allowed if at most \"maxUnavailable\" pods selected by \"selector\" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with \"minAvailable\"." + }, + "minAvailable": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "description": "An eviction is allowed if at least \"minAvailable\" pods selected by \"selector\" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying \"100%\"." + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "Label query over pods whose evictions are managed by the disruption budget. A null selector will match no pods, while an empty ({}) selector will select all pods within the namespace.", + "x-kubernetes-patch-strategy": "replace" + } + }, + "type": "object" + }, + "io.k8s.api.rbac.v1.AggregationRule": { + "additionalProperties": false, + "description": "AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole", + "properties": { + "clusterRoleSelectors": { + "description": "ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole's permissions will be added", + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.rbac.v1.PolicyRule": { + "additionalProperties": false, + "description": "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.", + "properties": { + "apiGroups": { + "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups.", + "items": { + "type": "string" + }, + "type": "array" + }, + "nonResourceURLs": { + "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both.", + "items": { + "type": "string" + }, + "type": "array" + }, + "resourceNames": { + "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", + "items": { + "type": "string" + }, + "type": "array" + }, + "resources": { + "description": "Resources is a list of resources this rule applies to. '*' represents all resources.", + "items": { + "type": "string" + }, + "type": "array" + }, + "verbs": { + "description": "Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "verbs" + ], + "type": "object" + }, + "io.k8s.api.rbac.v1.RoleRef": { + "additionalProperties": false, + "description": "RoleRef contains information that points to the role being used", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "apiGroup", + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.rbac.v1.Subject": { + "additionalProperties": false, + "description": "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.", + "properties": { + "apiGroup": { + "description": "APIGroup holds the API group of the referenced subject. Defaults to \"\" for ServiceAccount subjects. Defaults to \"rbac.authorization.k8s.io\" for User and Group subjects.", + "type": "string" + }, + "kind": { + "description": "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\". If the Authorizer does not recognized the kind value, the Authorizer should report an error.", + "type": "string" + }, + "name": { + "description": "Name of the object being referenced.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty the Authorizer should report an error.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceColumnDefinition": { + "additionalProperties": false, + "description": "CustomResourceColumnDefinition specifies a column for server side printing.", + "properties": { + "description": { + "description": "description is a human readable description of this column.", + "type": "string" + }, + "format": { + "description": "format is an optional OpenAPI type definition for this column. The 'name' format is applied to the primary identifier column to assist in clients identifying column is the resource name. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.", + "type": "string" + }, + "jsonPath": { + "description": "jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against each custom resource to produce the value for this column.", + "type": "string" + }, + "name": { + "description": "name is a human readable name for the column.", + "type": "string" + }, + "priority": { + "description": "priority is an integer defining the relative importance of this column compared to others. Lower numbers are considered higher priority. Columns that may be omitted in limited space scenarios should be given a priority greater than 0.", + "format": "int32", + "type": "integer" + }, + "type": { + "description": "type is an OpenAPI type definition for this column. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.", + "type": "string" + } + }, + "required": [ + "name", + "type", + "jsonPath" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceConversion": { + "additionalProperties": false, + "description": "CustomResourceConversion describes how to convert different versions of a CR.", + "properties": { + "strategy": { + "description": "strategy specifies how custom resources are converted between versions. Allowed values are: - `None`: The converter only change the apiVersion and would not touch any other field in the custom resource. - `Webhook`: API Server will call to an external webhook to do the conversion. Additional information\n is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set.", + "type": "string" + }, + "webhook": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.WebhookConversion", + "description": "webhook describes how to call the conversion webhook. Required when `strategy` is set to `Webhook`." + } + }, + "required": [ + "strategy" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionNames": { + "additionalProperties": false, + "description": "CustomResourceDefinitionNames indicates the names to serve this CustomResourceDefinition", + "properties": { + "categories": { + "description": "categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). This is published in API discovery documents, and used by clients to support invocations like `kubectl get all`.", + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "description": "kind is the serialized kind of the resource. It is normally CamelCase and singular. Custom resource instances will use this value as the `kind` attribute in API calls.", + "type": "string" + }, + "listKind": { + "description": "listKind is the serialized kind of the list for this resource. Defaults to \"`kind`List\".", + "type": "string" + }, + "plural": { + "description": "plural is the plural name of the resource to serve. The custom resources are served under `/apis/\u003cgroup\u003e/\u003cversion\u003e/.../\u003cplural\u003e`. Must match the name of the CustomResourceDefinition (in the form `\u003cnames.plural\u003e.\u003cgroup\u003e`). Must be all lowercase.", + "type": "string" + }, + "shortNames": { + "description": "shortNames are short names for the resource, exposed in API discovery documents, and used by clients to support invocations like `kubectl get \u003cshortname\u003e`. It must be all lowercase.", + "items": { + "type": "string" + }, + "type": "array" + }, + "singular": { + "description": "singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`.", + "type": "string" + } + }, + "required": [ + "plural", + "kind" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionSpec": { + "additionalProperties": false, + "description": "CustomResourceDefinitionSpec describes how a user wants their resource to appear", + "properties": { + "conversion": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceConversion", + "description": "conversion defines conversion settings for the CRD." + }, + "group": { + "description": "group is the API group of the defined custom resource. The custom resources are served under `/apis/\u003cgroup\u003e/...`. Must match the name of the CustomResourceDefinition (in the form `\u003cnames.plural\u003e.\u003cgroup\u003e`).", + "type": "string" + }, + "names": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionNames", + "description": "names specify the resource and kind names for the custom resource." + }, + "preserveUnknownFields": { + "description": "preserveUnknownFields indicates that object fields which are not specified in the OpenAPI schema should be preserved when persisting to storage. apiVersion, kind, metadata and known fields inside metadata are always preserved. This field is deprecated in favor of setting `x-preserve-unknown-fields` to true in `spec.versions[*].schema.openAPIV3Schema`. See https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#pruning-versus-preserving-unknown-fields for details.", + "type": "boolean" + }, + "scope": { + "description": "scope indicates whether the defined custom resource is cluster- or namespace-scoped. Allowed values are `Cluster` and `Namespaced`.", + "type": "string" + }, + "versions": { + "description": "versions is the list of all API versions of the defined custom resource. Version names are used to compute the order in which served versions are listed in API discovery. If the version string is \"kube-like\", it will sort above non \"kube-like\" version strings, which are ordered lexicographically. \"Kube-like\" versions start with a \"v\", then are followed by a number (the major version), then optionally the string \"alpha\" or \"beta\" and another number (the minor version). These are sorted first by GA \u003e beta \u003e alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major version, then minor version. An example sorted list of versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.", + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionVersion" + }, + "type": "array" + } + }, + "required": [ + "group", + "names", + "scope", + "versions" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionVersion": { + "additionalProperties": false, + "description": "CustomResourceDefinitionVersion describes a version for CRD.", + "properties": { + "additionalPrinterColumns": { + "description": "additionalPrinterColumns specifies additional columns returned in Table output. See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details. If no columns are specified, a single column displaying the age of the custom resource is used.", + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceColumnDefinition" + }, + "type": "array" + }, + "deprecated": { + "description": "deprecated indicates this version of the custom resource API is deprecated. When set to true, API requests to this version receive a warning header in the server response. Defaults to false.", + "type": "boolean" + }, + "deprecationWarning": { + "description": "deprecationWarning overrides the default warning returned to API clients. May only be set when `deprecated` is true. The default warning indicates this version is deprecated and recommends use of the newest served version of equal or greater stability, if one exists.", + "type": "string" + }, + "name": { + "description": "name is the version name, e.g. “v1”, “v2beta1”, etc. The custom resources are served under this version at `/apis/\u003cgroup\u003e/\u003cversion\u003e/...` if `served` is true.", + "type": "string" + }, + "schema": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceValidation", + "description": "schema describes the schema used for validation, pruning, and defaulting of this version of the custom resource." + }, + "served": { + "description": "served is a flag enabling/disabling this version from being served via REST APIs", + "type": "boolean" + }, + "storage": { + "description": "storage indicates this version should be used when persisting custom resources to storage. There must be exactly one version with storage=true.", + "type": "boolean" + }, + "subresources": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresources", + "description": "subresources specify what subresources this version of the defined custom resource have." + } + }, + "required": [ + "name", + "served", + "storage" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresourceScale": { + "additionalProperties": false, + "description": "CustomResourceSubresourceScale defines how to serve the scale subresource for CustomResources.", + "properties": { + "labelSelectorPath": { + "description": "labelSelectorPath defines the JSON path inside of a custom resource that corresponds to Scale `status.selector`. Only JSON paths without the array notation are allowed. Must be a JSON Path under `.status` or `.spec`. Must be set to work with HorizontalPodAutoscaler. The field pointed by this JSON path must be a string field (not a complex selector struct) which contains a serialized label selector in string form. More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource If there is no value under the given path in the custom resource, the `status.selector` value in the `/scale` subresource will default to the empty string.", + "type": "string" + }, + "specReplicasPath": { + "description": "specReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `spec.replicas`. Only JSON paths without the array notation are allowed. Must be a JSON Path under `.spec`. If there is no value under the given path in the custom resource, the `/scale` subresource will return an error on GET.", + "type": "string" + }, + "statusReplicasPath": { + "description": "statusReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `status.replicas`. Only JSON paths without the array notation are allowed. Must be a JSON Path under `.status`. If there is no value under the given path in the custom resource, the `status.replicas` value in the `/scale` subresource will default to 0.", + "type": "string" + } + }, + "required": [ + "specReplicasPath", + "statusReplicasPath" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresourceStatus": { + "description": "CustomResourceSubresourceStatus defines how to serve the status subresource for CustomResources. Status is represented by the `.status` JSON path inside of a CustomResource. When set, * exposes a /status subresource for the custom resource * PUT requests to the /status subresource take a custom resource object, and ignore changes to anything except the status stanza * PUT/POST/PATCH requests to the custom resource ignore changes to the status stanza", + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresources": { + "additionalProperties": false, + "description": "CustomResourceSubresources defines the status and scale subresources for CustomResources.", + "properties": { + "scale": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresourceScale", + "description": "scale indicates the custom resource should serve a `/scale` subresource that returns an `autoscaling/v1` Scale object." + }, + "status": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresourceStatus", + "description": "status indicates the custom resource should serve a `/status` subresource. When enabled: 1. requests to the custom resource primary endpoint ignore changes to the `status` stanza of the object. 2. requests to the custom resource `/status` subresource ignore changes to anything other than the `status` stanza of the object." + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceValidation": { + "additionalProperties": false, + "description": "CustomResourceValidation is a list of validation methods for CustomResources.", + "properties": { + "openAPIV3Schema": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps", + "description": "openAPIV3Schema is the OpenAPI v3 schema to use for validation and pruning." + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ExternalDocumentation": { + "additionalProperties": false, + "description": "ExternalDocumentation allows referencing an external resource for extended documentation.", + "properties": { + "description": { + "type": "string" + }, + "url": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON": { + "description": "JSON represents any valid JSON value. These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil." + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps": { + "additionalProperties": false, + "description": "JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-schema.org/).", + "properties": { + "$ref": { + "type": "string" + }, + "$schema": { + "type": "string" + }, + "additionalItems": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool" + }, + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool" + }, + "allOf": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "array" + }, + "anyOf": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "array" + }, + "default": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON", + "description": "default is a default value for undefined object fields. Defaulting is a beta feature under the CustomResourceDefaulting feature gate. Defaulting requires spec.preserveUnknownFields to be false." + }, + "definitions": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "object" + }, + "dependencies": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrStringArray" + }, + "type": "object" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON" + }, + "type": "array" + }, + "example": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON" + }, + "exclusiveMaximum": { + "type": "boolean" + }, + "exclusiveMinimum": { + "type": "boolean" + }, + "externalDocs": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ExternalDocumentation" + }, + "format": { + "description": "format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated:\n\n- bsonobjectid: a bson object ID, i.e. a 24 characters hex string - uri: an URI as parsed by Golang net/url.ParseRequestURI - email: an email address as parsed by Golang net/mail.ParseAddress - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. - ipv4: an IPv4 IP as parsed by Golang net.ParseIP - ipv6: an IPv6 IP as parsed by Golang net.ParseIP - cidr: a CIDR as parsed by Golang net.ParseCIDR - mac: a MAC address as parsed by Golang net.ParseMAC - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - isbn: an ISBN10 or ISBN13 number string like \"0321751043\" or \"978-0321751041\" - isbn10: an ISBN10 number string like \"0321751043\" - isbn13: an ISBN13 number string like \"978-0321751041\" - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$ - hexcolor: an hexadecimal color code like \"#FFFFFF: following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ - rgbcolor: an RGB color code like rgb like \"rgb(255,255,2559\" - byte: base64 encoded binary data - password: any kind of string - date: a date string like \"2006-01-02\" as defined by full-date in RFC3339 - duration: a duration string like \"22 ns\" as parsed by Golang time.ParseDuration or compatible with Scala duration format - datetime: a date time string like \"2014-12-15T19:30:20.000Z\" as defined by date-time in RFC3339.", + "type": "string" + }, + "id": { + "type": "string" + }, + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrArray" + }, + "maxItems": { + "format": "int64", + "type": "integer" + }, + "maxLength": { + "format": "int64", + "type": "integer" + }, + "maxProperties": { + "format": "int64", + "type": "integer" + }, + "maximum": { + "format": "double", + "type": "number" + }, + "minItems": { + "format": "int64", + "type": "integer" + }, + "minLength": { + "format": "int64", + "type": "integer" + }, + "minProperties": { + "format": "int64", + "type": "integer" + }, + "minimum": { + "format": "double", + "type": "number" + }, + "multipleOf": { + "format": "double", + "type": "number" + }, + "not": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "nullable": { + "type": "boolean" + }, + "oneOf": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "array" + }, + "pattern": { + "type": "string" + }, + "patternProperties": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "object" + }, + "properties": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "object" + }, + "required": { + "items": { + "type": "string" + }, + "type": "array" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + }, + "uniqueItems": { + "type": "boolean" + }, + "x-kubernetes-embedded-resource": { + "description": "x-kubernetes-embedded-resource defines that the value is an embedded Kubernetes runtime.Object, with TypeMeta and ObjectMeta. The type must be object. It is allowed to further restrict the embedded object. kind, apiVersion and metadata are validated automatically. x-kubernetes-preserve-unknown-fields is allowed to be true, but does not have to be if the object is fully specified (up to kind, apiVersion, metadata).", + "type": "boolean" + }, + "x-kubernetes-int-or-string": { + "description": "x-kubernetes-int-or-string specifies that this value is either an integer or a string. If this is true, an empty type is allowed and type as child of anyOf is permitted if following one of the following patterns:\n\n1) anyOf:\n - type: integer\n - type: string\n2) allOf:\n - anyOf:\n - type: integer\n - type: string\n - ... zero or more", + "type": "boolean" + }, + "x-kubernetes-list-map-keys": { + "description": "x-kubernetes-list-map-keys annotates an array with the x-kubernetes-list-type `map` by specifying the keys used as the index of the map.\n\nThis tag MUST only be used on lists that have the \"x-kubernetes-list-type\" extension set to \"map\". Also, the values specified for this attribute must be a scalar typed field of the child structure (no nesting is supported).\n\nThe properties specified must either be required or have a default value, to ensure those properties are present for all list items.", + "items": { + "type": "string" + }, + "type": "array" + }, + "x-kubernetes-list-type": { + "description": "x-kubernetes-list-type annotates an array to further describe its topology. This extension must only be used on lists and may have 3 possible values:\n\n1) `atomic`: the list is treated as a single entity, like a scalar.\n Atomic lists will be entirely replaced when updated. This extension\n may be used on any type of list (struct, scalar, ...).\n2) `set`:\n Sets are lists that must not have multiple items with the same value. Each\n value must be a scalar, an object with x-kubernetes-map-type `atomic` or an\n array with x-kubernetes-list-type `atomic`.\n3) `map`:\n These lists are like maps in that their elements have a non-index key\n used to identify them. Order is preserved upon merge. The map tag\n must only be used on a list with elements of type object.\nDefaults to atomic for arrays.", + "type": "string" + }, + "x-kubernetes-map-type": { + "description": "x-kubernetes-map-type annotates an object to further describe its topology. This extension must only be used when type is object and may have 2 possible values:\n\n1) `granular`:\n These maps are actual maps (key-value pairs) and each fields are independent\n from each other (they can each be manipulated by separate actors). This is\n the default behaviour for all maps.\n2) `atomic`: the list is treated as a single entity, like a scalar.\n Atomic maps will be entirely replaced when updated.", + "type": "string" + }, + "x-kubernetes-preserve-unknown-fields": { + "description": "x-kubernetes-preserve-unknown-fields stops the API server decoding step from pruning fields which are not specified in the validation schema. This affects fields recursively, but switches back to normal pruning behaviour if nested properties or additionalProperties are specified in the schema. This can either be true or undefined. False is forbidden.", + "type": "boolean" + }, + "x-kubernetes-validations": { + "description": "x-kubernetes-validations describes a list of validation rules written in the CEL expression language. This field is an alpha-level. Using this field requires the feature gate `CustomResourceValidationExpressions` to be enabled.", + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ValidationRule" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "rule" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "rule", + "x-kubernetes-patch-strategy": "merge" + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrArray": { + "description": "JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps or an array of JSONSchemaProps. Mainly here for serialization purposes." + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool": { + "description": "JSONSchemaPropsOrBool represents JSONSchemaProps or a boolean value. Defaults to true for the boolean property." + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrStringArray": { + "description": "JSONSchemaPropsOrStringArray represents a JSONSchemaProps or a string array." + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ServiceReference": { + "additionalProperties": false, + "description": "ServiceReference holds a reference to Service.legacy.k8s.io", + "properties": { + "name": { + "description": "name is the name of the service. Required", + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace of the service. Required", + "type": "string" + }, + "path": { + "description": "path is an optional URL path at which the webhook will be contacted.", + "type": "string" + }, + "port": { + "description": "port is an optional service port at which the webhook will be contacted. `port` should be a valid port number (1-65535, inclusive). Defaults to 443 for backward compatibility.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "namespace", + "name" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ValidationRule": { + "additionalProperties": false, + "description": "ValidationRule describes a validation rule written in the CEL expression language.", + "properties": { + "message": { + "description": "Message represents the message displayed when validation fails. The message is required if the Rule contains line breaks. The message must not contain line breaks. If unset, the message is \"failed rule: {Rule}\". e.g. \"must be a URL with the host matching spec.host\"", + "type": "string" + }, + "rule": { + "description": "Rule represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec The Rule is scoped to the location of the x-kubernetes-validations extension in the schema. The `self` variable in the CEL expression is bound to the scoped value. Example: - Rule scoped to the root of a resource with a status subresource: {\"rule\": \"self.status.actual \u003c= self.spec.maxDesired\"}\n\nIf the Rule is scoped to an object with properties, the accessible properties of the object are field selectable via `self.field` and field presence can be checked via `has(self.field)`. Null valued fields are treated as absent fields in CEL expressions. If the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map are accessible via `self[mapKey]`, map containment can be checked via `mapKey in self` and all entries of the map are accessible via CEL macros and functions such as `self.all(...)`. If the Rule is scoped to an array, the elements of the array are accessible via `self[i]` and also by macros and functions. If the Rule is scoped to a scalar, `self` is bound to the scalar value. Examples: - Rule scoped to a map of objects: {\"rule\": \"self.components['Widget'].priority \u003c 10\"} - Rule scoped to a list of integers: {\"rule\": \"self.values.all(value, value \u003e= 0 \u0026\u0026 value \u003c 100)\"} - Rule scoped to a string value: {\"rule\": \"self.startsWith('kube')\"}\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object and from any x-kubernetes-embedded-resource annotated objects. No other metadata properties are accessible.\n\nUnknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL expressions. This includes: - Unknown field values that are preserved by object schemas with x-kubernetes-preserve-unknown-fields. - Object properties where the property schema is of an \"unknown type\". An \"unknown type\" is recursively defined as:\n - A schema with no type and x-kubernetes-preserve-unknown-fields set to true\n - An array where the items schema is of an \"unknown type\"\n - An object where the additionalProperties schema is of an \"unknown type\"\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Rule accessing a property named \"namespace\": {\"rule\": \"self.__namespace__ \u003e 0\"}\n - Rule accessing a property named \"x-prop\": {\"rule\": \"self.x__dash__prop \u003e 0\"}\n - Rule accessing a property named \"redact__d\": {\"rule\": \"self.redact__underscores__d \u003e 0\"}\n\nEquality on arrays with x-kubernetes-list-type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.", + "type": "string" + } + }, + "required": [ + "rule" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.WebhookClientConfig": { + "additionalProperties": false, + "description": "WebhookClientConfig contains the information to make a TLS connection with the webhook.", + "properties": { + "caBundle": { + "description": "caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.", + "format": "byte", + "type": "string" + }, + "service": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ServiceReference", + "description": "service is a reference to the service for this webhook. Either service or url must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`." + }, + "url": { + "description": "url gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.\n\nThe `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.WebhookConversion": { + "additionalProperties": false, + "description": "WebhookConversion describes how to call a conversion webhook", + "properties": { + "clientConfig": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.WebhookClientConfig", + "description": "clientConfig is the instructions for how to call the webhook if strategy is `Webhook`." + }, + "conversionReviewVersions": { + "description": "conversionReviewVersions is an ordered list of preferred `ConversionReview` versions the Webhook expects. The API server will use the first version in the list which it supports. If none of the versions specified in this list are supported by API server, conversion will fail for the custom resource. If a persisted Webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "conversionReviewVersions" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.api.resource.Quantity": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Duration": { + "description": "Duration is a wrapper around time.Duration which supports correct marshaling to YAML and JSON. In particular, it marshals into strings, which can be used as map keys in json.", + "type": "string" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1": { + "description": "FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.\n\nEach key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:\u003cname\u003e', where \u003cname\u003e is the name of a field in a struct, or key in a map 'v:\u003cvalue\u003e', where \u003cvalue\u003e is the exact json formatted value of a list item 'i:\u003cindex\u003e', where \u003cindex\u003e is position of a item in a list 'k:\u003ckeys\u003e', where \u003ckeys\u003e is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set.\n\nThe exact format is defined in sigs.k8s.io/structured-merge-diff", + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector": { + "additionalProperties": false, + "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement", + "default": {} + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { + "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "default": "", + "description": "key is the label key that the selector applies to.", + "type": "string", + "x-kubernetes-patch-merge-key": "key", + "x-kubernetes-patch-strategy": "merge" + }, + "operator": { + "default": "", + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry": { + "additionalProperties": false, + "description": "ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource that the fieldset applies to.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the version of this resource that this field set applies to. The format is \"group/version\" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.", + "type": "string" + }, + "fieldsType": { + "description": "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"", + "type": "string" + }, + "fieldsV1": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1", + "description": "FieldsV1 holds the first JSON version format as described in the \"FieldsV1\" type." + }, + "manager": { + "description": "Manager is an identifier of the workflow managing these fields.", + "type": "string" + }, + "operation": { + "description": "Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.", + "type": "string" + }, + "subresource": { + "description": "Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.", + "type": "string" + }, + "time": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", + "description": "Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over." + } + }, + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta": { + "additionalProperties": false, + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "creationTimestamp": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", + "default": {}, + "description": "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "deletionGracePeriodSeconds": { + "description": "Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.", + "format": "int64", + "type": "integer" + }, + "deletionTimestamp": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", + "description": "DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "finalizers": { + "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-patch-strategy": "merge" + }, + "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will return a 409.\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", + "type": "string" + }, + "generation": { + "description": "A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.", + "format": "int64", + "type": "integer" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" + }, + "managedFields": { + "description": "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object.", + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry", + "default": {} + }, + "type": "array" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "namespace": { + "description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", + "type": "string" + }, + "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference", + "default": {} + }, + "type": "array", + "x-kubernetes-patch-merge-key": "uid", + "x-kubernetes-patch-strategy": "merge" + }, + "resourceVersion": { + "description": "An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "selfLink": { + "description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.", + "type": "string" + }, + "uid": { + "description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference": { + "additionalProperties": false, + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", + "properties": { + "apiVersion": { + "default": "", + "description": "API version of the referent.", + "type": "string" + }, + "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", + "type": "boolean" + }, + "controller": { + "description": "If true, this reference points to the managing controller.", + "type": "boolean" + }, + "kind": { + "default": "", + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "uid": { + "default": "", + "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", + "type": "string" + } + }, + "required": [ + "apiVersion", + "kind", + "name", + "uid" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Time": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "format": "date-time", + "type": "string" + }, + "io.k8s.apimachinery.pkg.util.intstr.IntOrString": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ] + }, + "io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceSpec": { + "additionalProperties": false, + "description": "APIServiceSpec contains information for locating and communicating with a server. Only https is supported, though you are able to disable certificate verification.", + "properties": { + "caBundle": { + "description": "CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate. If unspecified, system trust roots on the apiserver are used.", + "format": "byte", + "type": "string", + "x-kubernetes-list-type": "atomic" + }, + "group": { + "description": "Group is the API group name this server hosts", + "type": "string" + }, + "groupPriorityMinimum": { + "description": "GroupPriorityMininum is the priority this group should have at least. Higher priority means that the group is preferred by clients over lower priority ones. Note that other versions of this group might specify even higher GroupPriorityMininum values such that the whole group gets a higher priority. The primary sort is based on GroupPriorityMinimum, ordered highest number to lowest (20 before 10). The secondary sort is based on the alphabetical comparison of the name of the object. (v1.bar before v1.foo) We'd recommend something like: *.k8s.io (except extensions) at 18000 and PaaSes (OpenShift, Deis) are recommended to be in the 2000s", + "format": "int32", + "type": "integer" + }, + "insecureSkipTLSVerify": { + "description": "InsecureSkipTLSVerify disables TLS certificate verification when communicating with this server. This is strongly discouraged. You should use the CABundle instead.", + "type": "boolean" + }, + "service": { + "$ref": "#/definitions/io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.ServiceReference", + "description": "Service is a reference to the service for this API server. It must communicate on port 443. If the Service is nil, that means the handling for the API groupversion is handled locally on this server. The call will simply delegate to the normal handler chain to be fulfilled." + }, + "version": { + "description": "Version is the API version this server hosts. For example, \"v1\"", + "type": "string" + }, + "versionPriority": { + "description": "VersionPriority controls the ordering of this API version inside of its group. Must be greater than zero. The primary sort is based on VersionPriority, ordered highest to lowest (20 before 10). Since it's inside of a group, the number can be small, probably in the 10s. In case of equal version priorities, the version string will be used to compute the order inside a group. If the version string is \"kube-like\", it will sort above non \"kube-like\" version strings, which are ordered lexicographically. \"Kube-like\" versions start with a \"v\", then are followed by a number (the major version), then optionally the string \"alpha\" or \"beta\" and another number (the minor version). These are sorted first by GA \u003e beta \u003e alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major version, then minor version. An example sorted list of versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "groupPriorityMinimum", + "versionPriority" + ], + "type": "object" + }, + "io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.ServiceReference": { + "additionalProperties": false, + "description": "ServiceReference holds a reference to Service.legacy.k8s.io", + "properties": { + "name": { + "description": "Name is the name of the service", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the service", + "type": "string" + }, + "port": { + "description": "If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor": { + "additionalProperties": false, + "description": "PodMonitor defines monitoring for a set of pods.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitorSpec", + "default": {}, + "description": "Specification of desired Pod selection for target discovery by Prometheus." + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule": { + "additionalProperties": false, + "description": "PrometheusRule defines recording and alerting rules for a Prometheus instance", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRuleSpec", + "default": {}, + "description": "Specification of desired alerting rule definitions for Prometheus." + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig": { + "additionalProperties": false, + "description": "AlertmanagerConfig defines a namespaced AlertmanagerConfig to be aggregated across multiple namespaces configuring one Alertmanager cluster.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfigSpec", + "default": {} + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.core.v1.Container": { + "additionalProperties": false, + "description": "A single application container that you want to run within a pod.", + "properties": { + "args": { + "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array" + }, + "command": { + "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array" + }, + "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvFromSource" + }, + "type": "array" + }, + "imageRef": { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + "lifecycle": { + "$ref": "#/definitions/io.k8s.api.core.v1.Lifecycle", + "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated." + }, + "livenessProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe", + "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + }, + "ports": { + "description": "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerPort" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "containerPort", + "x-kubernetes-patch-strategy": "merge" + }, + "readinessProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe", + "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements", + "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + }, + "securityContext": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext", + "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" + }, + "startupProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe", + "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\n", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeDevice" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "devicePath", + "x-kubernetes-patch-strategy": "merge" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" + }, + "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "type": "string" + } + }, + "required": [ + "imageRef" + ], + "type": "object" + }, + "metachart.api.core.v1.ContainerList": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.core.v1.Container" + } + }, + "type": "object" + }, + "metachart.api.core.v1.Pod": { + "additionalProperties": false, + "description": "Pod is a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/metachart.api.core.v1.PodSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "Pod", + "version": "v1" + } + ] + }, + "metachart.api.core.v1.PodSpec": { + "additionalProperties": false, + "description": "PodSpec is a description of a pod.", + "properties": { + "activeDeadlineSeconds": { + "description": "Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.", + "format": "int64", + "type": "integer" + }, + "affinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.Affinity", + "description": "If specified, the pod's scheduling constraints" + }, + "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", + "type": "boolean" + }, + "containers": { + "$ref": "#/definitions/metachart.api.core.v1.ContainerList" + }, + "dnsConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodDNSConfig", + "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy." + }, + "dnsPolicy": { + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.\n\n", + "type": "string" + }, + "enableServiceLinks": { + "description": "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.", + "type": "boolean" + }, + "ephemeralContainers": { + "description": "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.EphemeralContainer" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "hostAliases": { + "description": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.HostAlias" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "ip", + "x-kubernetes-patch-strategy": "merge" + }, + "hostIPC": { + "description": "Use the host's ipc namespace. Optional: Default to false.", + "type": "boolean" + }, + "hostNetwork": { + "description": "Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false.", + "type": "boolean" + }, + "hostPID": { + "description": "Use the host's pid namespace. Optional: Default to false.", + "type": "boolean" + }, + "hostUsers": { + "description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", + "type": "boolean" + }, + "hostname": { + "description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.", + "type": "string" + }, + "imagePullSecrets": { + "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "initContainers": { + "$ref": "#/definitions/metachart.api.core.v1.ContainerList" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "nodeName": { + "description": "NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.", + "type": "string" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "os": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodOS", + "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup" + }, + "overhead": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md", + "type": "object" + }, + "preemptionPolicy": { + "description": "PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.", + "type": "string" + }, + "priority": { + "description": "The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.", + "format": "int32", + "type": "integer" + }, + "priorityClassName": { + "description": "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.", + "type": "string" + }, + "readinessGates": { + "description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodReadinessGate" + }, + "type": "array" + }, + "restartPolicy": { + "description": "Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy\n\n", + "type": "string" + }, + "runtimeClassName": { + "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class", + "type": "string" + }, + "schedulerName": { + "description": "If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.", + "type": "string" + }, + "securityContext": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodSecurityContext", + "description": "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field." + }, + "serviceAccount": { + "description": "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.", + "type": "string" + }, + "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "type": "string" + }, + "setHostnameAsFQDN": { + "description": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.", + "type": "boolean" + }, + "shareProcessNamespace": { + "description": "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.", + "type": "boolean" + }, + "subdomain": { + "description": "If specified, the fully qualified Pod hostname will be \"\u003chostname\u003e.\u003csubdomain\u003e.\u003cpod namespace\u003e.svc.\u003ccluster domain\u003e\". If not specified, the pod will not have a domainname at all.", + "type": "string" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.", + "format": "int64", + "type": "integer" + }, + "tolerations": { + "description": "If specified, the pod's tolerations.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + }, + "type": "array" + }, + "topologySpreadConstraints": { + "description": "TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "topologyKey", + "x-kubernetes-patch-strategy": "merge" + }, + "volumes": { + "description": "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Volume" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge,retainKeys" + } + }, + "required": [ + "containers" + ], + "type": "object" + }, + "metachart.api.internal.Image": { + "additionalProperties": false, + "properties": { + "pullPolicy": { + "enum": [ + "Always", + "IfNotPresent" + ], + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + }, + "required": [ + "repository", + "tag", + "pullPolicy" + ], + "type": "object" + }, + "metachart.api.internal.volumeClaimTemplates": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret": { + "additionalProperties": false, + "description": "ClusterExternalSecret is the Schema for the clusterexternalsecrets API.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecretSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore": { + "additionalProperties": false, + "description": "ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret": { + "additionalProperties": false, + "description": "ExternalSecret is the Schema for the external-secrets API.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore": { + "additionalProperties": false, + "description": "SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration": { + "additionalProperties": false, + "description": "MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "webhooks": { + "description": "Webhooks is a list of webhooks and the affected resources and operations.", + "items": { + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MutatingWebhook" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "admissionregistration.k8s.io", + "kind": "MutatingWebhookConfiguration", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration": { + "additionalProperties": false, + "description": "ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "webhooks": { + "description": "Webhooks is a list of webhooks and the affected resources and operations.", + "items": { + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingWebhook" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "admissionregistration.k8s.io", + "kind": "ValidatingWebhookConfiguration", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.apps.v1.DaemonSet": { + "additionalProperties": false, + "description": "DaemonSet represents the configuration of a daemon set.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "related": { + "properties": { + "podmonitors": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor" + } + }, + "type": "object" + }, + "services": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.Service" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "spec": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.DaemonSetSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "DaemonSet", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.apps.v1.DaemonSetSpec": { + "additionalProperties": false, + "description": "DaemonSetSpec is the specification of a daemon set.", + "properties": { + "minReadySeconds": { + "description": "The minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).", + "format": "int32", + "type": "integer" + }, + "pod": { + "$ref": "#/definitions/metachart.api.core.v1.Pod" + }, + "revisionHistoryLimit": { + "description": "The number of old history to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.", + "format": "int32", + "type": "integer" + }, + "updateStrategy": { + "$ref": "#/definitions/io.k8s.api.apps.v1.DaemonSetUpdateStrategy", + "description": "An update strategy to replace existing DaemonSet pods with new pods." + } + }, + "required": [ + "pod" + ], + "type": "object" + }, + "metachart.api.io.k8s.api.apps.v1.Deployment": { + "additionalProperties": false, + "description": "Deployment enables declarative updates for Pods and ReplicaSets.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "related": { + "properties": { + "poddisruptionbudgets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.policy.v1.PodDisruptionBudget" + } + }, + "type": "object" + }, + "podmonitors": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor" + } + }, + "type": "object" + }, + "services": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.Service" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "spec": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.DeploymentSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "Deployment", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.apps.v1.DeploymentSpec": { + "additionalProperties": false, + "description": "DeploymentSpec is the specification of the desired behavior of the Deployment.", + "properties": { + "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)", + "format": "int32", + "type": "integer" + }, + "paused": { + "description": "Indicates that the deployment is paused.", + "type": "boolean" + }, + "pod": { + "$ref": "#/definitions/metachart.api.core.v1.Pod" + }, + "progressDeadlineSeconds": { + "description": "The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s.", + "format": "int32", + "type": "integer" + }, + "replicas": { + "description": "Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.", + "format": "int32", + "type": "integer" + }, + "revisionHistoryLimit": { + "description": "The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.", + "format": "int32", + "type": "integer" + }, + "strategy": { + "$ref": "#/definitions/io.k8s.api.apps.v1.DeploymentStrategy", + "description": "The deployment strategy to use to replace existing pods with new ones.", + "x-kubernetes-patch-strategy": "retainKeys" + } + }, + "required": [ + "pod" + ], + "type": "object" + }, + "metachart.api.io.k8s.api.apps.v1.StatefulSet": { + "additionalProperties": false, + "description": "StatefulSet represents a set of pods with consistent identities. Identities are defined as:\n - Network: A single stable DNS and hostname.\n - Storage: As many VolumeClaims as requested.\n\nThe StatefulSet guarantees that a given network identity will always map to the same storage identity.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "related": { + "properties": { + "poddisruptionbudgets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.policy.v1.PodDisruptionBudget" + } + }, + "type": "object" + }, + "podmonitors": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor" + } + }, + "type": "object" + }, + "services": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.Service" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "spec": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.StatefulSetSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "StatefulSet", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.apps.v1.StatefulSetSpec": { + "additionalProperties": false, + "description": "A StatefulSetSpec is the specification of a StatefulSet.", + "properties": { + "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)", + "format": "int32", + "type": "integer" + }, + "persistentVolumeClaimRetentionPolicy": { + "$ref": "#/definitions/io.k8s.api.apps.v1.StatefulSetPersistentVolumeClaimRetentionPolicy", + "description": "persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent volume claims created from volumeClaimTemplates. By default, all persistent volume claims are created as needed and retained until manually deleted. This policy allows the lifecycle to be altered, for example by deleting persistent volume claims when their stateful set is deleted, or when their pod is scaled down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled, which is alpha. +optional" + }, + "pod": { + "$ref": "#/definitions/metachart.api.core.v1.Pod" + }, + "podManagementPolicy": { + "description": "podManagementPolicy controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down. The default policy is `OrderedReady`, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order. The alternative policy is `Parallel` which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once.\n\n", + "type": "string" + }, + "replicas": { + "description": "replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1.", + "format": "int32", + "type": "integer" + }, + "revisionHistoryLimit": { + "description": "revisionHistoryLimit is the maximum number of revisions that will be maintained in the StatefulSet's revision history. The revision history consists of all revisions not represented by a currently applied StatefulSetSpec version. The default value is 10.", + "format": "int32", + "type": "integer" + }, + "serviceName": { + "description": "serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where \"pod-specific-string\" is managed by the StatefulSet controller.", + "type": "string" + }, + "updateStrategy": { + "$ref": "#/definitions/io.k8s.api.apps.v1.StatefulSetUpdateStrategy", + "description": "updateStrategy indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template." + }, + "volumeClaimTemplates": { + "$ref": "#/definitions/metachart.api.internal.volumeClaimTemplates" + } + }, + "required": [ + "serviceName", + "pod" + ], + "type": "object" + }, + "metachart.api.io.k8s.api.autoscaling.v1.HorizontalPodAutoscaler": { + "additionalProperties": false, + "description": "configuration of a horizontal pod autoscaler.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.autoscaling.v1.HorizontalPodAutoscalerSpec", + "description": "behaviour of autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status." + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "autoscaling", + "kind": "HorizontalPodAutoscaler", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.batch.v1.CronJob": { + "additionalProperties": false, + "description": "CronJob represents the configuration of a single cron job.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/metachart.api.io.k8s.api.batch.v1.CronJobSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "batch", + "kind": "CronJob", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.batch.v1.CronJobSpec": { + "additionalProperties": false, + "description": "CronJobSpec describes how the job execution will look like and when it will actually run.", + "properties": { + "concurrencyPolicy": { + "description": "Specifies how to treat concurrent executions of a Job. Valid values are: - \"Allow\" (default): allows CronJobs to run concurrently; - \"Forbid\": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - \"Replace\": cancels currently running job and replaces it with a new one\n\n", + "type": "string" + }, + "failedJobsHistoryLimit": { + "description": "The number of failed finished jobs to retain. Value must be non-negative integer. Defaults to 1.", + "format": "int32", + "type": "integer" + }, + "job": { + "$ref": "#/definitions/metachart.api.io.k8s.api.batch.v1.Job" + }, + "schedule": { + "description": "The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.", + "type": "string" + }, + "startingDeadlineSeconds": { + "description": "Optional deadline in seconds for starting the job if it misses scheduled time for any reason. Missed jobs executions will be counted as failed ones.", + "format": "int64", + "type": "integer" + }, + "successfulJobsHistoryLimit": { + "description": "The number of successful finished jobs to retain. Value must be non-negative integer. Defaults to 3.", + "format": "int32", + "type": "integer" + }, + "suspend": { + "description": "This flag tells the controller to suspend subsequent executions, it does not apply to already started executions. Defaults to false.", + "type": "boolean" + }, + "timeZone": { + "description": "The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will default to the time zone of the kube-controller-manager process. The set of valid time zone names and the time zone offset is loaded from the system-wide time zone database by the API server during CronJob validation and the controller manager during execution. If no system-wide time zone database can be found a bundled version of the database is used instead. If the time zone name becomes invalid during the lifetime of a CronJob or due to a change in host configuration, the controller will stop creating new new Jobs and will create a system event with the reason UnknownTimeZone. More information can be found in https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones This is beta field and must be enabled via the `CronJobTimeZone` feature gate.", + "type": "string" + } + }, + "required": [ + "schedule", + "job" + ], + "type": "object" + }, + "metachart.api.io.k8s.api.batch.v1.Job": { + "additionalProperties": false, + "description": "Job represents the configuration of a single job.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/metachart.api.io.k8s.api.batch.v1.JobSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "batch", + "kind": "Job", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.batch.v1.JobSpec": { + "additionalProperties": false, + "description": "JobSpec describes how the job execution will look like.", + "properties": { + "activeDeadlineSeconds": { + "description": "Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. If a Job is suspended (at creation or through an update), this timer will effectively be stopped and reset when the Job is resumed again.", + "format": "int64", + "type": "integer" + }, + "backoffLimit": { + "description": "Specifies the number of retries before marking this job failed. Defaults to 6", + "format": "int32", + "type": "integer" + }, + "completionMode": { + "description": "CompletionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`.\n\n`NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods. Each Pod completion is homologous to each other.\n\n`Indexed` means that the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1), available in the annotation batch.kubernetes.io/job-completion-index. The Job is considered complete when there is one successfully completed Pod for each index. When value is `Indexed`, .spec.completions must be specified and `.spec.parallelism` must be less than or equal to 10^5. In addition, The Pod name takes the form `$(job-name)-$(index)-$(random-string)`, the Pod hostname takes the form `$(job-name)-$(index)`.\n\nMore completion modes can be added in the future. If the Job controller observes a mode that it doesn't recognize, which is possible during upgrades due to version skew, the controller skips updates for the Job.", + "type": "string" + }, + "completions": { + "description": "Specifies the desired number of successfully finished pods the job should be run with. Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", + "format": "int32", + "type": "integer" + }, + "manualSelector": { + "description": "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector", + "type": "boolean" + }, + "parallelism": { + "description": "Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) \u003c .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", + "format": "int32", + "type": "integer" + }, + "pod": { + "$ref": "#/definitions/metachart.api.core.v1.Pod" + }, + "podFailurePolicy": { + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicy", + "description": "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is alpha-level. To use this field, you must enable the `JobPodFailurePolicy` feature gate (disabled by default)." + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors" + }, + "suspend": { + "description": "Suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.", + "type": "boolean" + }, + "ttlSecondsAfterFinished": { + "description": "ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "pod" + ], + "type": "object" + }, + "metachart.api.io.k8s.api.certificates.v1.CertificateSigningRequest": { + "additionalProperties": false, + "description": "CertificateSigningRequest objects provide a mechanism to obtain x509 certificates by submitting a certificate signing request, and having it asynchronously approved and issued.\n\nKubelets use this API to obtain:\n 1. client certificates to authenticate to kube-apiserver (with the \"kubernetes.io/kube-apiserver-client-kubelet\" signerName).\n 2. serving certificates for TLS endpoints kube-apiserver can connect to securely (with the \"kubernetes.io/kubelet-serving\" signerName).\n\nThis API can be used to request client certificates to authenticate to kube-apiserver (with the \"kubernetes.io/kube-apiserver-client\" signerName), or to obtain certificates from custom non-Kubernetes signers.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequestSpec", + "description": "spec contains the certificate request, and is immutable after creation. Only the request, signerName, expirationSeconds, and usages fields can be set on creation. Other fields are derived by Kubernetes and cannot be modified by users." + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.core.v1.ConfigMap": { + "additionalProperties": false, + "description": "ConfigMap holds configuration data for pods to consume.", + "properties": { + "binaryData": { + "additionalProperties": { + "format": "byte", + "type": "string" + }, + "description": "BinaryData contains the binary data. Each key must consist of alphanumeric characters, '-', '_' or '.'. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process. Using this field will require 1.10+ apiserver and kubelet.", + "type": "object" + }, + "data": { + "additionalProperties": { + "type": "string" + }, + "description": "Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.", + "type": "object" + }, + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "immutable": { + "description": "Immutable, if set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.", + "type": "boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "ConfigMap", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.core.v1.PersistentVolume": { + "additionalProperties": false, + "description": "PersistentVolume (PV) is a storage resource provisioned by an administrator. It is analogous to a node. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeSpec", + "description": "spec defines a specification of a persistent volume owned by the cluster. Provisioned by an administrator. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "PersistentVolume", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.core.v1.PersistentVolumeClaim": { + "additionalProperties": false, + "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec", + "description": "spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.core.v1.Secret": { + "additionalProperties": false, + "description": "Secret holds secret data of a certain type. The total bytes of the values in the Data field must be less than MaxSecretSize bytes.", + "properties": { + "data": { + "additionalProperties": { + "format": "byte", + "type": "string" + }, + "description": "Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4", + "type": "object" + }, + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "immutable": { + "description": "Immutable, if set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.", + "type": "boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "stringData": { + "additionalProperties": { + "type": "string" + }, + "description": "stringData allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API.", + "type": "object" + }, + "type": { + "description": "Used to facilitate programmatic handling of secret data. More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "Secret", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.core.v1.Service": { + "additionalProperties": false, + "description": "Service is a named abstraction of software service (for example, mysql) consisting of local port (for example 3306) that the proxy listens on, and the selector that determines which pods will answer requests sent through the proxy.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.core.v1.ServiceSpec", + "description": "Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "Service", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.core.v1.ServiceAccount": { + "additionalProperties": false, + "description": "ServiceAccount binds together: * a name, understood by users, and perhaps by peripheral systems, for an identity * a principal that can be authenticated and authorized * a set of secrets", + "properties": { + "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. Can be overridden at the pod level.", + "type": "boolean" + }, + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "imagePullSecrets": { + "description": "ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "type": "array" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "secrets": { + "description": "Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. Pods are only limited to this list if this service account has a \"kubernetes.io/enforce-mountable-secrets\" annotation set to \"true\". This field should not be used to find auto-generated service account token secrets for use outside of pods. Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. More info: https://kubernetes.io/docs/concepts/configuration/secret", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "ServiceAccount", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.networking.v1.Ingress": { + "additionalProperties": false, + "description": "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressSpec", + "description": "Spec is the desired state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.networking.v1.IngressClass": { + "additionalProperties": false, + "description": "IngressClass represents the class of the Ingress, referenced by the Ingress Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be used to indicate that an IngressClass should be considered default. When a single IngressClass resource has this annotation set to true, new Ingress resources without a class specified will be assigned this default class.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClassSpec", + "description": "Spec is the desired state of the IngressClass. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "IngressClass", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.networking.v1.NetworkPolicy": { + "additionalProperties": false, + "description": "NetworkPolicy describes what network traffic is allowed for a set of Pods", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicySpec", + "description": "Specification of the desired behavior for this NetworkPolicy." + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.policy.v1.PodDisruptionBudget": { + "additionalProperties": false, + "description": "PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudgetSpec", + "description": "Specification of the desired behavior of the PodDisruptionBudget." + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "policy", + "kind": "PodDisruptionBudget", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.rbac.v1.ClusterRole": { + "additionalProperties": false, + "description": "ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.", + "properties": { + "aggregationRule": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.AggregationRule", + "description": "AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller." + }, + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "rules": { + "description": "Rules holds all the PolicyRules for this ClusterRole", + "items": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.PolicyRule" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.rbac.v1.ClusterRoleBinding": { + "additionalProperties": false, + "description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "roleRef": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleRef", + "description": "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error." + }, + "subjects": { + "description": "Subjects holds references to the objects the role applies to.", + "items": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.Subject" + }, + "type": "array" + } + }, + "required": [ + "roleRef" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "ClusterRoleBinding", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.rbac.v1.Role": { + "additionalProperties": false, + "description": "Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "rules": { + "description": "Rules holds all the PolicyRules for this Role", + "items": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.PolicyRule" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "Role", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.rbac.v1.RoleBinding": { + "additionalProperties": false, + "description": "RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "roleRef": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleRef", + "description": "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error." + }, + "subjects": { + "description": "Subjects holds references to the objects the role applies to.", + "items": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.Subject" + }, + "type": "array" + } + }, + "required": [ + "roleRef" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "RoleBinding", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.scheduling.v1.PriorityClass": { + "additionalProperties": false, + "description": "PriorityClass defines mapping from a priority class name to the priority integer value. The value can be any valid integer.", + "properties": { + "description": { + "description": "description is an arbitrary string that usually provides guidelines on when this priority class should be used.", + "type": "string" + }, + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "globalDefault": { + "description": "globalDefault specifies whether this PriorityClass should be considered as the default priority for pods that do not have any priority class. Only one PriorityClass can be marked as `globalDefault`. However, if more than one PriorityClasses exists with their `globalDefault` field set to true, the smallest value of such global default PriorityClasses will be used as the default priority.", + "type": "boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "preemptionPolicy": { + "description": "PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.", + "type": "string" + }, + "value": { + "description": "The value of this priority class. This is the actual priority that pods receive when they have the name of this class in their pod spec.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "value" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "scheduling.k8s.io", + "kind": "PriorityClass", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.storage.v1.StorageClass": { + "additionalProperties": false, + "description": "StorageClass describes the parameters for a class of storage for which PersistentVolumes can be dynamically provisioned.\n\nStorageClasses are non-namespaced; the name of the storage class according to etcd is in ObjectMeta.Name.", + "properties": { + "allowVolumeExpansion": { + "description": "AllowVolumeExpansion shows whether the storage class allow volume expand", + "type": "boolean" + }, + "allowedTopologies": { + "description": "Restrict the node topologies where volumes can be dynamically provisioned. Each volume plugin defines its own supported topology specifications. An empty TopologySelectorTerm list means there is no topology restriction. This field is only honored by servers that enable the VolumeScheduling feature.", + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySelectorTerm" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "mountOptions": { + "description": "Dynamically provisioned PersistentVolumes of this storage class are created with these mountOptions, e.g. [\"ro\", \"soft\"]. Not validated - mount of the PVs will simply fail if one is invalid.", + "items": { + "type": "string" + }, + "type": "array" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Parameters holds the parameters for the provisioner that should create volumes of this storage class.", + "type": "object" + }, + "provisioner": { + "description": "Provisioner indicates the type of the provisioner.", + "type": "string" + }, + "reclaimPolicy": { + "description": "Dynamically provisioned PersistentVolumes of this storage class are created with this reclaimPolicy. Defaults to Delete.", + "type": "string" + }, + "volumeBindingMode": { + "description": "VolumeBindingMode indicates how PersistentVolumeClaims should be provisioned and bound. When unset, VolumeBindingImmediate is used. This field is only honored by servers that enable the VolumeScheduling feature.", + "type": "string" + } + }, + "required": [ + "provisioner" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "storage.k8s.io", + "kind": "StorageClass", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinition": { + "additionalProperties": false, + "description": "CustomResourceDefinition represents a resource that should be exposed on the API server. Its name MUST be in the format \u003c.spec.name\u003e.\u003c.spec.group\u003e.", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionSpec", + "description": "spec describes how the user wants the resources to appear" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apiextensions.k8s.io", + "kind": "CustomResourceDefinition", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIService": { + "additionalProperties": false, + "description": "APIService represents a server for a particular GroupVersion. Name must be \"version.group\".", + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceSpec", + "description": "Spec contains information for locating and communicating with a server" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apiregistration.k8s.io", + "kind": "APIService", + "version": "v1" + } + ] + }, + "metachart.api.meta.v1.ObjectMeta": { + "additionalProperties": false, + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "checksums": { + "$ref": "#/definitions/metachart.interface.checksums" + }, + "finalizers": { + "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-patch-strategy": "merge" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "namespace": { + "description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", + "type": "string" + } + }, + "type": "object" + }, + "metachart.interface.FQDNitem": { + "pattern": "^[a-z][0-9a-z]*(-[0-9a-z]+)*$", + "type": "string" + }, + "metachart.interface.boolean": { + "type": "boolean" + }, + "metachart.interface.checksumEntryList": { + "anyOf": [ + { + "items": { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + "type": "array" + }, + { + "enum": [ + "*" + ] + } + ] + }, + "metachart.interface.checksums": { + "properties": { + "alertmanagerconfigs": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "apiservices": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "certificatesigningrequests": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "clusterexternalsecrets": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "clusterrolebindings": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "clusterroles": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "clustersecretstores": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "configmaps": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "cronjobs": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "customresourcedefinitions": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "daemonsets": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "deployments": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "externalsecrets": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "horizontalpodautoscalers": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "images": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "ingressclasses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "ingresses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "jobs": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "mutatingwebhookconfigurations": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "networkpolicies": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "persistentvolumeclaims": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "persistentvolumes": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "poddisruptionbudgets": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "podmonitors": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "pods": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "priorityclasses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "prometheusrules": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "rolebindings": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "roles": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "secrets": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "secretstores": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "serviceaccounts": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "services": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "statefulsets": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "storageclasses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "validatingwebhookconfigurations": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + } + }, + "type": "object" + } + }, + "properties": { + "alertmanagerconfigs": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig" + } + }, + "type": "object" + }, + "apiservices": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIService" + } + }, + "type": "object" + }, + "certificatesigningrequests": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.certificates.v1.CertificateSigningRequest" + } + }, + "type": "object" + }, + "clusterexternalsecrets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret" + } + }, + "type": "object" + }, + "clusterrolebindings": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.ClusterRoleBinding" + } + }, + "type": "object" + }, + "clusterroles": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.ClusterRole" + } + }, + "type": "object" + }, + "clustersecretstores": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore" + } + }, + "type": "object" + }, + "configmaps": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.ConfigMap" + } + }, + "type": "object" + }, + "context": { + "description": "Any content which can be used for config rendering without schema defined by the chart", + "type": "object" + }, + "cronjobs": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.batch.v1.CronJob" + } + }, + "type": "object" + }, + "customresourcedefinitions": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinition" + } + }, + "type": "object" + }, + "daemonsets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.DaemonSet" + } + }, + "type": "object" + }, + "deployments": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.Deployment" + } + }, + "type": "object" + }, + "externalsecrets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret" + } + }, + "type": "object" + }, + "fullnameOverride": { + "anyOf": [ + { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + { + "type": "null" + } + ] + }, + "horizontalpodautoscalers": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.autoscaling.v1.HorizontalPodAutoscaler" + } + }, + "type": "object" + }, + "images": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.internal.Image" + } + }, + "type": "object" + }, + "ingressclasses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.networking.v1.IngressClass" + } + }, + "type": "object" + }, + "ingresses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.networking.v1.Ingress" + } + }, + "type": "object" + }, + "jobs": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.batch.v1.Job" + } + }, + "type": "object" + }, + "mutatingwebhookconfigurations": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration" + } + }, + "type": "object" + }, + "networkpolicies": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.networking.v1.NetworkPolicy" + } + }, + "type": "object" + }, + "persistentvolumeclaims": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "type": "object" + }, + "persistentvolumes": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.PersistentVolume" + } + }, + "type": "object" + }, + "poddisruptionbudgets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.policy.v1.PodDisruptionBudget" + } + }, + "type": "object" + }, + "podmonitors": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor" + } + }, + "type": "object" + }, + "pods": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.core.v1.Pod" + } + }, + "type": "object" + }, + "priorityclasses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.scheduling.v1.PriorityClass" + } + }, + "type": "object" + }, + "prometheusrules": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule" + } + }, + "type": "object" + }, + "rolebindings": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.RoleBinding" + } + }, + "type": "object" + }, + "roles": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.Role" + } + }, + "type": "object" + }, + "secrets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.Secret" + } + }, + "type": "object" + }, + "secretstores": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore" + } + }, + "type": "object" + }, + "serviceaccounts": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.ServiceAccount" + } + }, + "type": "object" + }, + "services": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.Service" + } + }, + "type": "object" + }, + "settings": { + "additionalProperties": false, + "properties": { + "alertmanagerconfigs": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "apiservices": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIService" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "certificatesigningrequests": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.certificates.v1.CertificateSigningRequest" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "clusterexternalsecrets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "clusterrolebindings": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.ClusterRoleBinding" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "clusterroles": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.ClusterRole" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "clustersecretstores": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "configmaps": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.ConfigMap" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "containers": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.core.v1.Container" + } + }, + "type": "object" + }, + "cronjobs": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.batch.v1.CronJob" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "customresourcedefinitions": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinition" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "daemonsets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.DaemonSet" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "deployments": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.Deployment" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "externalsecrets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "global": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "horizontalpodautoscalers": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.autoscaling.v1.HorizontalPodAutoscaler" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "images": { + "properties": { + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "ingressclasses": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.networking.v1.IngressClass" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "ingresses": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.networking.v1.Ingress" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "jobs": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.batch.v1.Job" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "mutatingwebhookconfigurations": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "networkpolicies": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.networking.v1.NetworkPolicy" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "persistentvolumeclaims": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.PersistentVolumeClaim" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "persistentvolumes": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.PersistentVolume" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "poddisruptionbudgets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.policy.v1.PodDisruptionBudget" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "podmonitors": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "pods": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.core.v1.Pod" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "priorityclasses": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.scheduling.v1.PriorityClass" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "prometheusrules": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "rolebindings": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.RoleBinding" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "roles": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.Role" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "secrets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.Secret" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "secretstores": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "serviceaccounts": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.ServiceAccount" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "services": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.Service" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "statefulsets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.StatefulSet" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "storageclasses": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.storage.v1.StorageClass" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "validatingwebhookconfigurations": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "statefulsets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.StatefulSet" + } + }, + "type": "object" + }, + "storageclasses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.storage.v1.StorageClass" + } + }, + "type": "object" + }, + "validatingwebhookconfigurations": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration" + } + }, + "type": "object" + } + } +} \ No newline at end of file diff --git a/charts/simple/values.schema.json b/charts/simple/values.schema.json new file mode 100644 index 0000000..3c9c2f7 --- /dev/null +++ b/charts/simple/values.schema.json @@ -0,0 +1,9650 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "definitions": { + "com.coreos.monitoring.pkg.apis.monitoring.v1.AttachMetadata": { + "additionalProperties": false, + "properties": { + "node": { + "type": "boolean" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth": { + "additionalProperties": false, + "properties": { + "password": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {} + }, + "username": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.NamespaceSelector": { + "additionalProperties": false, + "properties": { + "any": { + "type": "boolean" + }, + "matchNames": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2": { + "additionalProperties": false, + "properties": { + "clientId": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "clientSecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {} + }, + "endpointParams": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "scopes": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "tokenUrl": { + "default": "", + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpoint": { + "additionalProperties": false, + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth" + }, + "bearerTokenSecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector", + "default": {} + }, + "enableHttp2": { + "type": "boolean" + }, + "filterRunning": { + "type": "boolean" + }, + "followRedirects": { + "type": "boolean" + }, + "honorLabels": { + "type": "boolean" + }, + "honorTimestamps": { + "type": "boolean" + }, + "interval": { + "type": "string" + }, + "metricRelabelings": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2" + }, + "params": { + "additionalProperties": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "port": { + "type": "string" + }, + "proxyUrl": { + "type": "string" + }, + "relabelings": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig" + }, + "type": "array" + }, + "scheme": { + "type": "string" + }, + "scrapeTimeout": { + "type": "string" + }, + "targetPort": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpointTLSConfig" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpointTLSConfig": { + "additionalProperties": false, + "properties": { + "ca": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "cert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "insecureSkipVerify": { + "type": "boolean" + }, + "keySecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "serverName": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitorSpec": { + "additionalProperties": false, + "properties": { + "attachMetadata": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.AttachMetadata" + }, + "jobLabel": { + "type": "string" + }, + "labelLimit": { + "format": "int64", + "type": "integer" + }, + "labelNameLengthLimit": { + "format": "int64", + "type": "integer" + }, + "labelValueLengthLimit": { + "format": "int64", + "type": "integer" + }, + "namespaceSelector": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.NamespaceSelector", + "default": {} + }, + "podMetricsEndpoints": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PodMetricsEndpoint", + "default": {} + }, + "type": "array" + }, + "podTargetLabels": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "sampleLimit": { + "format": "int64", + "type": "integer" + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "default": {} + }, + "targetLimit": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "podMetricsEndpoints", + "selector" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRuleSpec": { + "additionalProperties": false, + "properties": { + "groups": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.RuleGroup", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.RelabelConfig": { + "additionalProperties": false, + "properties": { + "action": { + "type": "string" + }, + "modulus": { + "format": "int64", + "type": "integer" + }, + "regex": { + "type": "string" + }, + "replacement": { + "type": "string" + }, + "separator": { + "type": "string" + }, + "sourceLabels": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Rule": { + "additionalProperties": false, + "properties": { + "alert": { + "type": "string" + }, + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "expr": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString", + "default": {} + }, + "for": { + "type": "string" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "record": { + "type": "string" + } + }, + "required": [ + "expr" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.RuleGroup": { + "additionalProperties": false, + "properties": { + "interval": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "partial_response_strategy": { + "type": "string" + }, + "rules": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Rule", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "name", + "rules" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization": { + "additionalProperties": false, + "properties": { + "credentials": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.SafeTLSConfig": { + "additionalProperties": false, + "properties": { + "ca": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "cert": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap", + "default": {} + }, + "insecureSkipVerify": { + "type": "boolean" + }, + "keySecret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "serverName": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.SecretOrConfigMap": { + "additionalProperties": false, + "properties": { + "configMap": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapKeySelector" + }, + "secret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1.Sigv4": { + "additionalProperties": false, + "properties": { + "accessKey": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + }, + "profile": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleArn": { + "type": "string" + }, + "secretKey": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfigSpec": { + "additionalProperties": false, + "properties": { + "inhibitRules": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.InhibitRule", + "default": {} + }, + "type": "array" + }, + "receivers": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Receiver", + "default": {} + }, + "type": "array" + }, + "route": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Route" + }, + "timeIntervals": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeInterval", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.DayOfMonthRange": { + "additionalProperties": false, + "properties": { + "end": { + "format": "int32", + "type": "integer" + }, + "start": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.EmailConfig": { + "additionalProperties": false, + "properties": { + "authIdentity": { + "type": "string" + }, + "authPassword": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "authSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "authUsername": { + "type": "string" + }, + "from": { + "type": "string" + }, + "headers": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "hello": { + "type": "string" + }, + "html": { + "type": "string" + }, + "requireTLS": { + "type": "boolean" + }, + "sendResolved": { + "type": "boolean" + }, + "smarthost": { + "type": "string" + }, + "text": { + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeTLSConfig" + }, + "to": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig": { + "additionalProperties": false, + "properties": { + "authorization": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeAuthorization" + }, + "basicAuth": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.BasicAuth" + }, + "bearerTokenSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "followRedirects": { + "type": "boolean" + }, + "oauth2": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.OAuth2" + }, + "proxyURL": { + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.SafeTLSConfig" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.InhibitRule": { + "additionalProperties": false, + "properties": { + "equal": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "sourceMatch": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher", + "default": {} + }, + "type": "array" + }, + "targetMatch": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string" + }, + "value": { + "default": "", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher": { + "additionalProperties": false, + "properties": { + "matchType": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "value": { + "default": "", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfig": { + "additionalProperties": false, + "properties": { + "actions": { + "type": "string" + }, + "apiKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "apiURL": { + "type": "string" + }, + "description": { + "type": "string" + }, + "details": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "entity": { + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "message": { + "type": "string" + }, + "note": { + "type": "string" + }, + "priority": { + "type": "string" + }, + "responders": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfigResponder", + "default": {} + }, + "type": "array" + }, + "sendResolved": { + "type": "boolean" + }, + "source": { + "type": "string" + }, + "tags": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfigResponder": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "type": { + "default": "", + "type": "string" + }, + "username": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyConfig": { + "additionalProperties": false, + "properties": { + "class": { + "type": "string" + }, + "client": { + "type": "string" + }, + "clientURL": { + "type": "string" + }, + "component": { + "type": "string" + }, + "description": { + "type": "string" + }, + "details": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "group": { + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "pagerDutyImageConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyImageConfig", + "default": {} + }, + "type": "array" + }, + "pagerDutyLinkConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyLinkConfig", + "default": {} + }, + "type": "array" + }, + "routingKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "sendResolved": { + "type": "boolean" + }, + "serviceKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "severity": { + "type": "string" + }, + "url": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyImageConfig": { + "additionalProperties": false, + "properties": { + "alt": { + "type": "string" + }, + "href": { + "type": "string" + }, + "src": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyLinkConfig": { + "additionalProperties": false, + "properties": { + "alt": { + "type": "string" + }, + "href": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PushoverConfig": { + "additionalProperties": false, + "properties": { + "expire": { + "type": "string" + }, + "html": { + "type": "boolean" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "message": { + "type": "string" + }, + "priority": { + "type": "string" + }, + "retry": { + "type": "string" + }, + "sendResolved": { + "type": "boolean" + }, + "sound": { + "type": "string" + }, + "title": { + "type": "string" + }, + "token": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "url": { + "type": "string" + }, + "urlTitle": { + "type": "string" + }, + "userKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Receiver": { + "additionalProperties": false, + "properties": { + "emailConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.EmailConfig", + "default": {} + }, + "type": "array" + }, + "name": { + "default": "", + "type": "string" + }, + "opsgenieConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.OpsGenieConfig", + "default": {} + }, + "type": "array" + }, + "pagerdutyConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PagerDutyConfig", + "default": {} + }, + "type": "array" + }, + "pushoverConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.PushoverConfig", + "default": {} + }, + "type": "array" + }, + "slackConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfig", + "default": {} + }, + "type": "array" + }, + "snsConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SNSConfig", + "default": {} + }, + "type": "array" + }, + "telegramConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TelegramConfig", + "default": {} + }, + "type": "array" + }, + "victoropsConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.VictorOpsConfig", + "default": {} + }, + "type": "array" + }, + "webhookConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WebhookConfig", + "default": {} + }, + "type": "array" + }, + "wechatConfigs": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WeChatConfig", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Route": { + "additionalProperties": false, + "properties": { + "continue": { + "type": "boolean" + }, + "groupBy": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "groupInterval": { + "type": "string" + }, + "groupWait": { + "type": "string" + }, + "matchers": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.Matcher", + "default": {} + }, + "type": "array" + }, + "muteTimeIntervals": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "receiver": { + "default": "", + "type": "string" + }, + "repeatInterval": { + "type": "string" + }, + "routes": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SNSConfig": { + "additionalProperties": false, + "properties": { + "apiURL": { + "type": "string" + }, + "attributes": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "message": { + "type": "string" + }, + "phoneNumber": { + "type": "string" + }, + "sendResolved": { + "type": "boolean" + }, + "sigv4": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.Sigv4" + }, + "subject": { + "type": "string" + }, + "targetARN": { + "type": "string" + }, + "topicARN": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string" + }, + "name": { + "default": "", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackAction": { + "additionalProperties": false, + "properties": { + "confirm": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfirmationField" + }, + "name": { + "type": "string" + }, + "style": { + "type": "string" + }, + "text": { + "default": "", + "type": "string" + }, + "type": { + "default": "", + "type": "string" + }, + "url": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "type", + "text" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfig": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackAction", + "default": {} + }, + "type": "array" + }, + "apiURL": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "callbackId": { + "type": "string" + }, + "channel": { + "type": "string" + }, + "color": { + "type": "string" + }, + "fallback": { + "type": "string" + }, + "fields": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackField", + "default": {} + }, + "type": "array" + }, + "footer": { + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "iconEmoji": { + "type": "string" + }, + "iconURL": { + "type": "string" + }, + "imageURL": { + "type": "string" + }, + "linkNames": { + "type": "boolean" + }, + "mrkdwnIn": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "pretext": { + "type": "string" + }, + "sendResolved": { + "type": "boolean" + }, + "shortFields": { + "type": "boolean" + }, + "text": { + "type": "string" + }, + "thumbURL": { + "type": "string" + }, + "title": { + "type": "string" + }, + "titleLink": { + "type": "string" + }, + "username": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackConfirmationField": { + "additionalProperties": false, + "properties": { + "dismissText": { + "type": "string" + }, + "okText": { + "type": "string" + }, + "text": { + "default": "", + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SlackField": { + "additionalProperties": false, + "properties": { + "short": { + "type": "boolean" + }, + "title": { + "default": "", + "type": "string" + }, + "value": { + "default": "", + "type": "string" + } + }, + "required": [ + "title", + "value" + ], + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TelegramConfig": { + "additionalProperties": false, + "properties": { + "apiURL": { + "type": "string" + }, + "botToken": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "chatID": { + "format": "int64", + "type": "integer" + }, + "disableNotifications": { + "type": "boolean" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "message": { + "type": "string" + }, + "parseMode": { + "type": "string" + }, + "sendResolved": { + "type": "boolean" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeInterval": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "timeIntervals": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimePeriod", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimePeriod": { + "additionalProperties": false, + "properties": { + "daysOfMonth": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.DayOfMonthRange", + "default": {} + }, + "type": "array" + }, + "months": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "times": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeRange", + "default": {} + }, + "type": "array" + }, + "weekdays": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "years": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.TimeRange": { + "additionalProperties": false, + "properties": { + "endTime": { + "type": "string" + }, + "startTime": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.VictorOpsConfig": { + "additionalProperties": false, + "properties": { + "apiKey": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "apiUrl": { + "type": "string" + }, + "customFields": { + "items": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.KeyValue", + "default": {} + }, + "type": "array" + }, + "entityDisplayName": { + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "messageType": { + "type": "string" + }, + "monitoringTool": { + "type": "string" + }, + "routingKey": { + "default": "", + "type": "string" + }, + "sendResolved": { + "type": "boolean" + }, + "stateMessage": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WeChatConfig": { + "additionalProperties": false, + "properties": { + "agentID": { + "type": "string" + }, + "apiSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + }, + "apiURL": { + "type": "string" + }, + "corpID": { + "type": "string" + }, + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "message": { + "type": "string" + }, + "messageType": { + "type": "string" + }, + "sendResolved": { + "type": "boolean" + }, + "toParty": { + "type": "string" + }, + "toTag": { + "type": "string" + }, + "toUser": { + "type": "string" + } + }, + "type": "object" + }, + "com.coreos.monitoring.pkg.apis.monitoring.v1beta1.WebhookConfig": { + "additionalProperties": false, + "properties": { + "httpConfig": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.HTTPConfig" + }, + "maxAlerts": { + "format": "int32", + "type": "integer" + }, + "sendResolved": { + "type": "boolean" + }, + "url": { + "type": "string" + }, + "urlSecret": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.SecretKeySelector" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AWSAuth": { + "additionalProperties": false, + "properties": { + "jwt": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSJWTAuth" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSAuthSecretRef" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AWSAuthSecretRef": { + "additionalProperties": false, + "properties": { + "accessKeyIDSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "secretAccessKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AWSJWTAuth": { + "additionalProperties": false, + "properties": { + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AWSProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSAuth", + "default": {} + }, + "region": { + "default": "", + "type": "string" + }, + "role": { + "type": "string" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "service", + "region" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuth": { + "additionalProperties": false, + "properties": { + "kubernetesAuth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessKubernetesAuth" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuthSecretRef", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuthSecretRef": { + "additionalProperties": false, + "properties": { + "accessID": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "accessType": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "accessTypeParam": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessKubernetesAuth": { + "additionalProperties": false, + "properties": { + "accessID": { + "default": "", + "type": "string" + }, + "k8sConfName": { + "default": "", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector" + } + }, + "required": [ + "accessID", + "k8sConfName" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AkeylessProvider": { + "additionalProperties": false, + "properties": { + "akeylessGWApiURL": { + "type": "string" + }, + "authSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessAuth" + } + }, + "required": [ + "akeylessGWApiURL", + "authSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuthSecretRef", + "default": {} + } + }, + "required": [ + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuthSecretRef": { + "additionalProperties": false, + "properties": { + "accessKeyIDSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "accessKeySecretSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "accessKeyIDSecretRef", + "accessKeySecretSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AlibabaProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AlibabaAuth" + }, + "endpoint": { + "default": "", + "type": "string" + }, + "regionID": { + "default": "", + "type": "string" + } + }, + "required": [ + "auth", + "regionID" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AzureKVAuth": { + "additionalProperties": false, + "properties": { + "clientId": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector" + }, + "clientSecret": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.AzureKVProvider": { + "additionalProperties": false, + "properties": { + "authSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AzureKVAuth" + }, + "authType": { + "type": "string" + }, + "environmentType": { + "type": "string" + }, + "identityId": { + "type": "string" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector" + }, + "tenantId": { + "type": "string" + }, + "vaultUrl": { + "type": "string" + } + }, + "required": [ + "vaultUrl" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.CAProvider": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "namespace": { + "type": "string" + }, + "type": { + "default": "", + "type": "string" + } + }, + "required": [ + "type", + "name" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.CertAuth": { + "additionalProperties": false, + "properties": { + "clientCert": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "clientKey": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecretSpec": { + "additionalProperties": false, + "properties": { + "externalSecretName": { + "default": "", + "type": "string" + }, + "externalSecretSpec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretSpec", + "default": {} + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "default": {} + }, + "refreshTime": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + } + }, + "required": [ + "externalSecretSpec", + "namespaceSelector" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStoreCondition": { + "additionalProperties": false, + "properties": { + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "namespaces": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuthSecretRef", + "default": {} + } + }, + "required": [ + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuthSecretRef": { + "additionalProperties": false, + "properties": { + "dopplerToken": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "dopplerToken" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.DopplerProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.DopplerAuth" + }, + "config": { + "type": "string" + }, + "format": { + "type": "string" + }, + "nameTransformer": { + "type": "string" + }, + "project": { + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretData": { + "additionalProperties": false, + "properties": { + "remoteRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataRemoteRef", + "default": {} + }, + "secretKey": { + "default": "", + "type": "string" + } + }, + "required": [ + "secretKey", + "remoteRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataFromRemoteRef": { + "additionalProperties": false, + "properties": { + "extract": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataRemoteRef" + }, + "find": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretFind" + }, + "rewrite": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewrite", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataRemoteRef": { + "additionalProperties": false, + "properties": { + "conversionStrategy": { + "type": "string" + }, + "decodingStrategy": { + "type": "string" + }, + "key": { + "default": "", + "type": "string" + }, + "metadataPolicy": { + "type": "string" + }, + "property": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretFind": { + "additionalProperties": false, + "properties": { + "conversionStrategy": { + "type": "string" + }, + "decodingStrategy": { + "type": "string" + }, + "name": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.FindName" + }, + "path": { + "type": "string" + }, + "tags": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewrite": { + "additionalProperties": false, + "properties": { + "regexp": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewriteRegexp" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretRewriteRegexp": { + "additionalProperties": false, + "properties": { + "source": { + "default": "", + "type": "string" + }, + "target": { + "default": "", + "type": "string" + } + }, + "required": [ + "source", + "target" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretSpec": { + "additionalProperties": false, + "properties": { + "data": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretData", + "default": {} + }, + "type": "array" + }, + "dataFrom": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretDataFromRemoteRef", + "default": {} + }, + "type": "array" + }, + "refreshInterval": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "secretStoreRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRef", + "default": {} + }, + "target": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTarget", + "default": {} + } + }, + "required": [ + "secretStoreRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTarget": { + "additionalProperties": false, + "properties": { + "creationPolicy": { + "type": "string" + }, + "deletionPolicy": { + "type": "string" + }, + "immutable": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplate" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplate": { + "additionalProperties": false, + "properties": { + "data": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "engineVersion": { + "type": "string" + }, + "metadata": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplateMetadata", + "default": {} + }, + "templateFrom": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateFrom", + "default": {} + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretTemplateMetadata": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.FakeProvider": { + "additionalProperties": false, + "properties": { + "data": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.FakeProviderData", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.FakeProviderData": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string" + }, + "value": { + "type": "string" + }, + "valueMap": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.FindName": { + "additionalProperties": false, + "properties": { + "regexp": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuthSecretRef" + }, + "workloadIdentity": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPWorkloadIdentity" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuthSecretRef": { + "additionalProperties": false, + "properties": { + "secretAccessKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPSMProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPSMAuth", + "default": {} + }, + "projectID": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GCPWorkloadIdentity": { + "additionalProperties": false, + "properties": { + "clusterLocation": { + "default": "", + "type": "string" + }, + "clusterName": { + "default": "", + "type": "string" + }, + "clusterProjectID": { + "type": "string" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "default": {} + } + }, + "required": [ + "serviceAccountRef", + "clusterLocation", + "clusterName" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GitlabAuth": { + "additionalProperties": false, + "properties": { + "SecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GitlabSecretRef", + "default": {} + } + }, + "required": [ + "SecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GitlabProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GitlabAuth", + "default": {} + }, + "environment": { + "type": "string" + }, + "projectID": { + "type": "string" + }, + "url": { + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.GitlabSecretRef": { + "additionalProperties": false, + "properties": { + "accessToken": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMAuth": { + "additionalProperties": false, + "properties": { + "containerAuth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthContainerAuth", + "default": {} + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthSecretRef", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthContainerAuth": { + "additionalProperties": false, + "properties": { + "iamEndpoint": { + "type": "string" + }, + "profile": { + "default": "", + "type": "string" + }, + "tokenLocation": { + "type": "string" + } + }, + "required": [ + "profile" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMAuthSecretRef": { + "additionalProperties": false, + "properties": { + "secretApiKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.IBMProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMAuth", + "default": {} + }, + "serviceUrl": { + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.KubernetesAuth": { + "additionalProperties": false, + "properties": { + "cert": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.CertAuth" + }, + "serviceAccount": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector" + }, + "token": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TokenAuth" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.KubernetesProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.KubernetesAuth", + "default": {} + }, + "remoteNamespace": { + "default": "", + "type": "string" + }, + "server": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.KubernetesServer", + "default": {} + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.KubernetesServer": { + "additionalProperties": false, + "properties": { + "caBundle": { + "format": "byte", + "type": "string" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.CAProvider" + }, + "url": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuthSecretRef" + } + }, + "required": [ + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuthSecretRef": { + "additionalProperties": false, + "properties": { + "connectTokenSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "connectTokenSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordAuth" + }, + "connectHost": { + "default": "", + "type": "string" + }, + "vaults": { + "additionalProperties": { + "default": 0, + "format": "int32", + "type": "integer" + }, + "type": "object" + } + }, + "required": [ + "auth", + "connectHost", + "vaults" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OracleAuth": { + "additionalProperties": false, + "properties": { + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OracleSecretRef", + "default": {} + }, + "tenancy": { + "default": "", + "type": "string" + }, + "user": { + "default": "", + "type": "string" + } + }, + "required": [ + "tenancy", + "user", + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OracleProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OracleAuth" + }, + "region": { + "default": "", + "type": "string" + }, + "vault": { + "default": "", + "type": "string" + } + }, + "required": [ + "region", + "vault" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.OracleSecretRef": { + "additionalProperties": false, + "properties": { + "fingerprint": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "privatekey": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "privatekey", + "fingerprint" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreProvider": { + "additionalProperties": false, + "properties": { + "akeyless": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AkeylessProvider" + }, + "alibaba": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AlibabaProvider" + }, + "aws": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AWSProvider" + }, + "azurekv": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.AzureKVProvider" + }, + "doppler": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.DopplerProvider" + }, + "fake": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.FakeProvider" + }, + "gcpsm": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GCPSMProvider" + }, + "gitlab": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.GitlabProvider" + }, + "ibm": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.IBMProvider" + }, + "kubernetes": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.KubernetesProvider" + }, + "onepassword": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OnePasswordProvider" + }, + "oracle": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.OracleProvider" + }, + "senhasegura": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraProvider" + }, + "vault": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultProvider" + }, + "webhook": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookProvider" + }, + "yandexcertificatemanager": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerProvider" + }, + "yandexlockbox": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxProvider" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRef": { + "additionalProperties": false, + "properties": { + "kind": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRetrySettings": { + "additionalProperties": false, + "properties": { + "maxRetries": { + "format": "int32", + "type": "integer" + }, + "retryInterval": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreSpec": { + "additionalProperties": false, + "properties": { + "conditions": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStoreCondition", + "default": {} + }, + "type": "array" + }, + "controller": { + "default": "", + "type": "string" + }, + "provider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreProvider" + }, + "refreshInterval": { + "default": 0, + "format": "int32", + "type": "integer" + }, + "retrySettings": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreRetrySettings" + } + }, + "required": [ + "provider" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraAuth": { + "additionalProperties": false, + "properties": { + "clientId": { + "default": "", + "type": "string" + }, + "clientSecretSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "clientId", + "clientSecretSecretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SenhaseguraAuth", + "default": {} + }, + "ignoreSslCertificate": { + "type": "boolean" + }, + "module": { + "default": "", + "type": "string" + }, + "url": { + "default": "", + "type": "string" + } + }, + "required": [ + "url", + "module", + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TemplateFrom": { + "additionalProperties": false, + "properties": { + "configMap": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateRef" + }, + "secret": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateRef" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TemplateRef": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.TemplateRefItem", + "default": {} + }, + "type": "array" + }, + "name": { + "default": "", + "type": "string" + } + }, + "required": [ + "name", + "items" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TemplateRefItem": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.TokenAuth": { + "additionalProperties": false, + "properties": { + "bearerToken": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultAppRole": { + "additionalProperties": false, + "properties": { + "path": { + "default": "", + "type": "string" + }, + "roleId": { + "default": "", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "path", + "roleId", + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultAuth": { + "additionalProperties": false, + "properties": { + "appRole": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultAppRole" + }, + "cert": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultCertAuth" + }, + "jwt": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultJwtAuth" + }, + "kubernetes": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesAuth" + }, + "ldap": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultLdapAuth" + }, + "tokenSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultCertAuth": { + "additionalProperties": false, + "properties": { + "clientCert": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultJwtAuth": { + "additionalProperties": false, + "properties": { + "kubernetesServiceAccountToken": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesServiceAccountTokenAuth" + }, + "path": { + "default": "", + "type": "string" + }, + "role": { + "default": "", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesAuth": { + "additionalProperties": false, + "properties": { + "mountPath": { + "default": "", + "type": "string" + }, + "role": { + "default": "", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector" + } + }, + "required": [ + "mountPath", + "role" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultKubernetesServiceAccountTokenAuth": { + "additionalProperties": false, + "properties": { + "audiences": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "expirationSeconds": { + "format": "int64", + "type": "integer" + }, + "serviceAccountRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.ServiceAccountSelector", + "default": {} + } + }, + "required": [ + "serviceAccountRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultLdapAuth": { + "additionalProperties": false, + "properties": { + "path": { + "default": "", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + }, + "username": { + "default": "", + "type": "string" + } + }, + "required": [ + "path", + "username" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.VaultProvider": { + "additionalProperties": false, + "properties": { + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.VaultAuth", + "default": {} + }, + "caBundle": { + "format": "byte", + "type": "string" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.CAProvider" + }, + "forwardInconsistent": { + "type": "boolean" + }, + "namespace": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readYourWrites": { + "type": "boolean" + }, + "server": { + "default": "", + "type": "string" + }, + "version": { + "default": "", + "type": "string" + } + }, + "required": [ + "auth", + "server", + "version" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookCAProvider": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "namespace": { + "type": "string" + }, + "type": { + "default": "", + "type": "string" + } + }, + "required": [ + "type", + "name" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookProvider": { + "additionalProperties": false, + "properties": { + "body": { + "type": "string" + }, + "caBundle": { + "format": "byte", + "type": "string" + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookCAProvider" + }, + "headers": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "method": { + "type": "string" + }, + "result": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookResult", + "default": {} + }, + "secrets": { + "items": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.WebhookSecret", + "default": {} + }, + "type": "array" + }, + "timeout": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "url": { + "default": "", + "type": "string" + } + }, + "required": [ + "url", + "result" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookResult": { + "additionalProperties": false, + "properties": { + "jsonPath": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.WebhookSecret": { + "additionalProperties": false, + "properties": { + "name": { + "default": "", + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "required": [ + "name", + "secretRef" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerAuth": { + "additionalProperties": false, + "properties": { + "authorizedKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerCAProvider": { + "additionalProperties": false, + "properties": { + "certSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerProvider": { + "additionalProperties": false, + "properties": { + "apiEndpoint": { + "type": "string" + }, + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerAuth", + "default": {} + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexCertificateManagerCAProvider" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxAuth": { + "additionalProperties": false, + "properties": { + "authorizedKeySecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxCAProvider": { + "additionalProperties": false, + "properties": { + "certSecretRef": { + "$ref": "#/definitions/io.external-secrets.apis.meta.v1.SecretKeySelector", + "default": {} + } + }, + "type": "object" + }, + "io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxProvider": { + "additionalProperties": false, + "properties": { + "apiEndpoint": { + "type": "string" + }, + "auth": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxAuth", + "default": {} + }, + "caProvider": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.YandexLockboxCAProvider" + } + }, + "required": [ + "auth" + ], + "type": "object" + }, + "io.external-secrets.apis.meta.v1.SecretKeySelector": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "io.external-secrets.apis.meta.v1.ServiceAccountSelector": { + "additionalProperties": false, + "properties": { + "audiences": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "name": { + "default": "", + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.admissionregistration.v1.MutatingWebhook": { + "additionalProperties": false, + "properties": { + "admissionReviewVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "clientConfig": { + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.WebhookClientConfig" + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "objectSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "reinvocationPolicy": { + "type": "string" + }, + "rules": { + "items": { + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.RuleWithOperations" + }, + "type": "array" + }, + "sideEffects": { + "type": "string" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "name", + "clientConfig", + "sideEffects", + "admissionReviewVersions" + ], + "type": "object" + }, + "io.k8s.api.admissionregistration.v1.RuleWithOperations": { + "additionalProperties": false, + "properties": { + "apiGroups": { + "items": { + "type": "string" + }, + "type": "array" + }, + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "operations": { + "items": { + "type": "string" + }, + "type": "array" + }, + "resources": { + "items": { + "type": "string" + }, + "type": "array" + }, + "scope": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.admissionregistration.v1.ServiceReference": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "path": { + "type": "string" + }, + "port": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "namespace", + "name" + ], + "type": "object" + }, + "io.k8s.api.admissionregistration.v1.ValidatingWebhook": { + "additionalProperties": false, + "properties": { + "admissionReviewVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "clientConfig": { + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.WebhookClientConfig" + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "objectSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "rules": { + "items": { + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.RuleWithOperations" + }, + "type": "array" + }, + "sideEffects": { + "type": "string" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "name", + "clientConfig", + "sideEffects", + "admissionReviewVersions" + ], + "type": "object" + }, + "io.k8s.api.admissionregistration.v1.WebhookClientConfig": { + "additionalProperties": false, + "properties": { + "caBundle": { + "format": "byte", + "type": "string" + }, + "service": { + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ServiceReference" + }, + "url": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.apps.v1.DaemonSetUpdateStrategy": { + "additionalProperties": false, + "properties": { + "rollingUpdate": { + "$ref": "#/definitions/io.k8s.api.apps.v1.RollingUpdateDaemonSet" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.apps.v1.DeploymentStrategy": { + "additionalProperties": false, + "properties": { + "rollingUpdate": { + "$ref": "#/definitions/io.k8s.api.apps.v1.RollingUpdateDeployment" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.apps.v1.RollingUpdateDaemonSet": { + "additionalProperties": false, + "properties": { + "maxSurge": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + }, + "maxUnavailable": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + } + }, + "type": "object" + }, + "io.k8s.api.apps.v1.RollingUpdateDeployment": { + "additionalProperties": false, + "properties": { + "maxSurge": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + }, + "maxUnavailable": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + } + }, + "type": "object" + }, + "io.k8s.api.apps.v1.RollingUpdateStatefulSetStrategy": { + "additionalProperties": false, + "properties": { + "maxUnavailable": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + }, + "partition": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "io.k8s.api.apps.v1.StatefulSetPersistentVolumeClaimRetentionPolicy": { + "additionalProperties": false, + "properties": { + "whenDeleted": { + "type": "string" + }, + "whenScaled": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.apps.v1.StatefulSetUpdateStrategy": { + "additionalProperties": false, + "properties": { + "rollingUpdate": { + "$ref": "#/definitions/io.k8s.api.apps.v1.RollingUpdateStatefulSetStrategy" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.autoscaling.v1.CrossVersionObjectReference": { + "additionalProperties": false, + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.autoscaling.v1.HorizontalPodAutoscalerSpec": { + "additionalProperties": false, + "properties": { + "maxReplicas": { + "format": "int32", + "type": "integer" + }, + "minReplicas": { + "format": "int32", + "type": "integer" + }, + "scaleTargetRef": { + "$ref": "#/definitions/io.k8s.api.autoscaling.v1.CrossVersionObjectReference" + }, + "targetCPUUtilizationPercentage": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "scaleTargetRef", + "maxReplicas" + ], + "type": "object" + }, + "io.k8s.api.batch.v1.PodFailurePolicy": { + "additionalProperties": false, + "properties": { + "rules": { + "items": { + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicyRule" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "rules" + ], + "type": "object" + }, + "io.k8s.api.batch.v1.PodFailurePolicyOnExitCodesRequirement": { + "additionalProperties": false, + "properties": { + "containerName": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "format": "int32", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "required": [ + "operator", + "values" + ], + "type": "object" + }, + "io.k8s.api.batch.v1.PodFailurePolicyOnPodConditionsPattern": { + "additionalProperties": false, + "properties": { + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type", + "status" + ], + "type": "object" + }, + "io.k8s.api.batch.v1.PodFailurePolicyRule": { + "additionalProperties": false, + "properties": { + "action": { + "type": "string" + }, + "onExitCodes": { + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicyOnExitCodesRequirement" + }, + "onPodConditions": { + "items": { + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicyOnPodConditionsPattern" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "action", + "onPodConditions" + ], + "type": "object" + }, + "io.k8s.api.certificates.v1.CertificateSigningRequestSpec": { + "additionalProperties": false, + "properties": { + "expirationSeconds": { + "format": "int32", + "type": "integer" + }, + "extra": { + "additionalProperties": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": "object" + }, + "groups": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "request": { + "format": "byte", + "type": "string", + "x-kubernetes-list-type": "atomic" + }, + "signerName": { + "type": "string" + }, + "uid": { + "type": "string" + }, + "usages": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "username": { + "type": "string" + } + }, + "required": [ + "request", + "signerName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Affinity": { + "additionalProperties": false, + "properties": { + "nodeAffinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeAffinity" + }, + "podAffinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinity" + }, + "podAntiAffinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAntiAffinity" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.AzureDiskVolumeSource": { + "additionalProperties": false, + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "io.k8s.api.core.v1.AzureFilePersistentVolumeSource": { + "additionalProperties": false, + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "secretNamespace": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.AzureFileVolumeSource": { + "additionalProperties": false, + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CSIPersistentVolumeSource": { + "additionalProperties": false, + "properties": { + "controllerExpandSecretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + }, + "controllerPublishSecretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + }, + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodeExpandSecretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + }, + "nodePublishSecretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + }, + "nodeStageSecretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "volumeHandle": { + "type": "string" + } + }, + "required": [ + "driver", + "volumeHandle" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CSIVolumeSource": { + "additionalProperties": false, + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Capabilities": { + "additionalProperties": false, + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.CephFSPersistentVolumeSource": { + "additionalProperties": false, + "properties": { + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + }, + "user": { + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CephFSVolumeSource": { + "additionalProperties": false, + "properties": { + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "user": { + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CinderPersistentVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CinderVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ClientIPConfig": { + "additionalProperties": false, + "properties": { + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapEnvSource": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapKeySelector": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ConfigMapProjection": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapVolumeSource": { + "additionalProperties": false, + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ContainerPort": { + "additionalProperties": false, + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIProjection": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeFile" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIVolumeFile": { + "additionalProperties": false, + "properties": { + "fieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectFieldSelector" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceFieldSelector" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIVolumeSource": { + "additionalProperties": false, + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeFile" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EmptyDirVolumeSource": { + "additionalProperties": false, + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EnvFromSource": { + "additionalProperties": false, + "properties": { + "configMapRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapEnvSource" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretEnvSource" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EnvVar": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVarSource" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.EnvVarSource": { + "additionalProperties": false, + "properties": { + "configMapKeyRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapKeySelector" + }, + "fieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectFieldSelector" + }, + "resourceFieldRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceFieldSelector" + }, + "secretKeyRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EphemeralContainer": { + "additionalProperties": false, + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "env": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "envFrom": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvFromSource" + }, + "type": "array" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "$ref": "#/definitions/io.k8s.api.core.v1.Lifecycle" + }, + "livenessProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerPort" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "containerPort", + "x-kubernetes-patch-strategy": "merge" + }, + "readinessProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + }, + "securityContext": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext" + }, + "startupProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "targetContainerName": { + "type": "string" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeDevice" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "devicePath", + "x-kubernetes-patch-strategy": "merge" + }, + "volumeMounts": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.EphemeralVolumeSource": { + "additionalProperties": false, + "properties": { + "volumeClaimTemplate": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimTemplate" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ExecAction": { + "additionalProperties": false, + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.FCVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "wwids": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.FlexPersistentVolumeSource": { + "additionalProperties": false, + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "io.k8s.api.core.v1.FlexVolumeSource": { + "additionalProperties": false, + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "io.k8s.api.core.v1.FlockerVolumeSource": { + "additionalProperties": false, + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.GCEPersistentDiskVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GRPCAction": { + "additionalProperties": false, + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GitRepoVolumeSource": { + "additionalProperties": false, + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GlusterfsPersistentVolumeSource": { + "additionalProperties": false, + "properties": { + "endpoints": { + "type": "string" + }, + "endpointsNamespace": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GlusterfsVolumeSource": { + "additionalProperties": false, + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HTTPGetAction": { + "additionalProperties": false, + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPHeader" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "port": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HTTPHeader": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HostAlias": { + "additionalProperties": false, + "properties": { + "hostnames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ip": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.HostPathVolumeSource": { + "additionalProperties": false, + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ISCSIPersistentVolumeSource": { + "additionalProperties": false, + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "portals": { + "items": { + "type": "string" + }, + "type": "array" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + }, + "targetPortal": { + "type": "string" + } + }, + "required": [ + "targetPortal", + "iqn", + "lun" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ISCSIVolumeSource": { + "additionalProperties": false, + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "portals": { + "items": { + "type": "string" + }, + "type": "array" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "targetPortal": { + "type": "string" + } + }, + "required": [ + "targetPortal", + "iqn", + "lun" + ], + "type": "object" + }, + "io.k8s.api.core.v1.KeyToPath": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Lifecycle": { + "additionalProperties": false, + "properties": { + "postStart": { + "$ref": "#/definitions/io.k8s.api.core.v1.LifecycleHandler" + }, + "preStop": { + "$ref": "#/definitions/io.k8s.api.core.v1.LifecycleHandler" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.LifecycleHandler": { + "additionalProperties": false, + "properties": { + "exec": { + "$ref": "#/definitions/io.k8s.api.core.v1.ExecAction" + }, + "httpGet": { + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPGetAction" + }, + "tcpSocket": { + "$ref": "#/definitions/io.k8s.api.core.v1.TCPSocketAction" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.LocalObjectReference": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.LocalVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.NFSVolumeSource": { + "additionalProperties": false, + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "required": [ + "server", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.NodeAffinity": { + "additionalProperties": false, + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PreferredSchedulingTerm" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelector" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.NodeSelector": { + "additionalProperties": false, + "properties": { + "nodeSelectorTerms": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorTerm" + }, + "type": "array" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.NodeSelectorRequirement": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "io.k8s.api.core.v1.NodeSelectorTerm": { + "additionalProperties": false, + "properties": { + "matchExpressions": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorRequirement" + }, + "type": "array" + }, + "matchFields": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorRequirement" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ObjectFieldSelector": { + "additionalProperties": false, + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ObjectReference": { + "additionalProperties": false, + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "resourceVersion": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.PersistentVolumeClaim": { + "additionalProperties": false, + "properties": { + "apiVersion": { + "enum": [ + "v1" + ], + "type": "string" + }, + "kind": { + "enum": [ + "PersistentVolumeClaim" + ], + "type": "string" + }, + "metadata": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec" + }, + "status": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimStatus" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.PersistentVolumeClaimCondition": { + "additionalProperties": false, + "properties": { + "lastProbeTime": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "lastTransitionTime": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type", + "status" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimSpec": { + "additionalProperties": false, + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "$ref": "#/definitions/io.k8s.api.core.v1.TypedLocalObjectReference" + }, + "dataSourceRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.TypedLocalObjectReference" + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "storageClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimStatus": { + "additionalProperties": false, + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "allocatedResources": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "type": "object" + }, + "capacity": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "type": "object" + }, + "conditions": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimCondition" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "phase": { + "type": "string" + }, + "resizeStatus": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimTemplate": { + "additionalProperties": false, + "properties": { + "metadata": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec" + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource": { + "additionalProperties": false, + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeSpec": { + "additionalProperties": false, + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "awsElasticBlockStore": { + "$ref": "#/definitions/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource" + }, + "azureDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.AzureDiskVolumeSource" + }, + "azureFile": { + "$ref": "#/definitions/io.k8s.api.core.v1.AzureFilePersistentVolumeSource" + }, + "capacity": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "type": "object" + }, + "cephfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.CephFSPersistentVolumeSource" + }, + "cinder": { + "$ref": "#/definitions/io.k8s.api.core.v1.CinderPersistentVolumeSource" + }, + "claimRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference", + "x-kubernetes-map-type": "granular" + }, + "csi": { + "$ref": "#/definitions/io.k8s.api.core.v1.CSIPersistentVolumeSource" + }, + "fc": { + "$ref": "#/definitions/io.k8s.api.core.v1.FCVolumeSource" + }, + "flexVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.FlexPersistentVolumeSource" + }, + "flocker": { + "$ref": "#/definitions/io.k8s.api.core.v1.FlockerVolumeSource" + }, + "gcePersistentDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource" + }, + "glusterfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.GlusterfsPersistentVolumeSource" + }, + "hostPath": { + "$ref": "#/definitions/io.k8s.api.core.v1.HostPathVolumeSource" + }, + "iscsi": { + "$ref": "#/definitions/io.k8s.api.core.v1.ISCSIPersistentVolumeSource" + }, + "local": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalVolumeSource" + }, + "mountOptions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "nfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.NFSVolumeSource" + }, + "nodeAffinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeNodeAffinity" + }, + "persistentVolumeReclaimPolicy": { + "type": "string" + }, + "photonPersistentDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource" + }, + "portworxVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.PortworxVolumeSource" + }, + "quobyte": { + "$ref": "#/definitions/io.k8s.api.core.v1.QuobyteVolumeSource" + }, + "rbd": { + "$ref": "#/definitions/io.k8s.api.core.v1.RBDPersistentVolumeSource" + }, + "scaleIO": { + "$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOPersistentVolumeSource" + }, + "storageClassName": { + "type": "string" + }, + "storageos": { + "$ref": "#/definitions/io.k8s.api.core.v1.StorageOSPersistentVolumeSource" + }, + "volumeMode": { + "type": "string" + }, + "vsphereVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodAffinity": { + "additionalProperties": false, + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.WeightedPodAffinityTerm" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodAffinityTerm": { + "additionalProperties": false, + "properties": { + "labelSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodAntiAffinity": { + "additionalProperties": false, + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.WeightedPodAffinityTerm" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodDNSConfig": { + "additionalProperties": false, + "properties": { + "nameservers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "options": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodDNSConfigOption" + }, + "type": "array" + }, + "searches": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodDNSConfigOption": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodOS": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodReadinessGate": { + "additionalProperties": false, + "properties": { + "conditionType": { + "type": "string" + } + }, + "required": [ + "conditionType" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodSecurityContext": { + "additionalProperties": false, + "properties": { + "fsGroup": { + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "type": "string" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.SELinuxOptions" + }, + "seccompProfile": { + "$ref": "#/definitions/io.k8s.api.core.v1.SeccompProfile" + }, + "supplementalGroups": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "sysctls": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Sysctl" + }, + "type": "array" + }, + "windowsOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.WindowsSecurityContextOptions" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PortworxVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PreferredSchedulingTerm": { + "additionalProperties": false, + "properties": { + "preference": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorTerm" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "weight", + "preference" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Probe": { + "additionalProperties": false, + "properties": { + "exec": { + "$ref": "#/definitions/io.k8s.api.core.v1.ExecAction" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "$ref": "#/definitions/io.k8s.api.core.v1.GRPCAction" + }, + "httpGet": { + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPGetAction" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "$ref": "#/definitions/io.k8s.api.core.v1.TCPSocketAction" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ProjectedVolumeSource": { + "additionalProperties": false, + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "sources": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeProjection" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.QuobyteVolumeSource": { + "additionalProperties": false, + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" + }, + "io.k8s.api.core.v1.RBDPersistentVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "type": "string" + }, + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "pool": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + }, + "user": { + "type": "string" + } + }, + "required": [ + "monitors", + "image" + ], + "type": "object" + }, + "io.k8s.api.core.v1.RBDVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "type": "string" + }, + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "pool": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "user": { + "type": "string" + } + }, + "required": [ + "monitors", + "image" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ResourceFieldSelector": { + "additionalProperties": false, + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ResourceRequirements": { + "additionalProperties": false, + "properties": { + "limits": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "type": "object" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SELinuxOptions": { + "additionalProperties": false, + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ScaleIOPersistentVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "required": [ + "gateway", + "system", + "secretRef" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ScaleIOVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "required": [ + "gateway", + "system", + "secretRef" + ], + "type": "object" + }, + "io.k8s.api.core.v1.SeccompProfile": { + "additionalProperties": false, + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "localhostProfile": "LocalhostProfile" + } + } + ] + }, + "io.k8s.api.core.v1.SecretEnvSource": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecretKeySelector": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.SecretProjection": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecretReference": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.SecretVolumeSource": { + "additionalProperties": false, + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "type": "array" + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecurityContext": { + "additionalProperties": false, + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "$ref": "#/definitions/io.k8s.api.core.v1.Capabilities" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.SELinuxOptions" + }, + "seccompProfile": { + "$ref": "#/definitions/io.k8s.api.core.v1.SeccompProfile" + }, + "windowsOptions": { + "$ref": "#/definitions/io.k8s.api.core.v1.WindowsSecurityContextOptions" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ServiceAccountTokenProjection": { + "additionalProperties": false, + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "format": "int64", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ServicePort": { + "additionalProperties": false, + "properties": { + "appProtocol": { + "type": "string" + }, + "name": { + "type": "string" + }, + "nodePort": { + "format": "int32", + "type": "integer" + }, + "port": { + "format": "int32", + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ServiceSpec": { + "additionalProperties": false, + "properties": { + "allocateLoadBalancerNodePorts": { + "type": "boolean" + }, + "clusterIP": { + "type": "string" + }, + "clusterIPs": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "externalIPs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "externalName": { + "type": "string" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "healthCheckNodePort": { + "format": "int32", + "type": "integer" + }, + "internalTrafficPolicy": { + "type": "string" + }, + "ipFamilies": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ipFamilyPolicy": { + "type": "string" + }, + "loadBalancerClass": { + "type": "string" + }, + "loadBalancerIP": { + "type": "string" + }, + "loadBalancerSourceRanges": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ports": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.ServicePort" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "port", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "port", + "x-kubernetes-patch-strategy": "merge" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "selector": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionAffinity": { + "type": "string" + }, + "sessionAffinityConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.SessionAffinityConfig" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SessionAffinityConfig": { + "additionalProperties": false, + "properties": { + "clientIP": { + "$ref": "#/definitions/io.k8s.api.core.v1.ClientIPConfig" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.StorageOSPersistentVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.StorageOSVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.Sysctl": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "io.k8s.api.core.v1.TCPSocketAction": { + "additionalProperties": false, + "properties": { + "host": { + "type": "string" + }, + "port": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Toleration": { + "additionalProperties": false, + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "format": "int64", + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.TopologySelectorLabelRequirement": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "values" + ], + "type": "object" + }, + "io.k8s.api.core.v1.TopologySelectorTerm": { + "additionalProperties": false, + "properties": { + "matchLabelExpressions": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySelectorLabelRequirement" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.TopologySpreadConstraint": { + "additionalProperties": false, + "properties": { + "labelSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "maxSkew": { + "format": "int32", + "type": "integer" + }, + "minDomains": { + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "type": "string" + }, + "nodeTaintsPolicy": { + "type": "string" + }, + "topologyKey": { + "type": "string" + }, + "whenUnsatisfiable": { + "type": "string" + } + }, + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "type": "object" + }, + "io.k8s.api.core.v1.TypedLocalObjectReference": { + "additionalProperties": false, + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.Volume": { + "additionalProperties": false, + "properties": { + "awsElasticBlockStore": { + "$ref": "#/definitions/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource" + }, + "azureDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.AzureDiskVolumeSource" + }, + "azureFile": { + "$ref": "#/definitions/io.k8s.api.core.v1.AzureFileVolumeSource" + }, + "cephfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.CephFSVolumeSource" + }, + "cinder": { + "$ref": "#/definitions/io.k8s.api.core.v1.CinderVolumeSource" + }, + "configMap": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapVolumeSource" + }, + "csi": { + "$ref": "#/definitions/io.k8s.api.core.v1.CSIVolumeSource" + }, + "downwardAPI": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeSource" + }, + "emptyDir": { + "$ref": "#/definitions/io.k8s.api.core.v1.EmptyDirVolumeSource" + }, + "ephemeral": { + "$ref": "#/definitions/io.k8s.api.core.v1.EphemeralVolumeSource" + }, + "fc": { + "$ref": "#/definitions/io.k8s.api.core.v1.FCVolumeSource" + }, + "flexVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.FlexVolumeSource" + }, + "flocker": { + "$ref": "#/definitions/io.k8s.api.core.v1.FlockerVolumeSource" + }, + "gcePersistentDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource" + }, + "gitRepo": { + "$ref": "#/definitions/io.k8s.api.core.v1.GitRepoVolumeSource" + }, + "glusterfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.GlusterfsVolumeSource" + }, + "hostPath": { + "$ref": "#/definitions/io.k8s.api.core.v1.HostPathVolumeSource" + }, + "iscsi": { + "$ref": "#/definitions/io.k8s.api.core.v1.ISCSIVolumeSource" + }, + "name": { + "type": "string" + }, + "nfs": { + "$ref": "#/definitions/io.k8s.api.core.v1.NFSVolumeSource" + }, + "persistentVolumeClaim": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource" + }, + "photonPersistentDisk": { + "$ref": "#/definitions/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource" + }, + "portworxVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.PortworxVolumeSource" + }, + "projected": { + "$ref": "#/definitions/io.k8s.api.core.v1.ProjectedVolumeSource" + }, + "quobyte": { + "$ref": "#/definitions/io.k8s.api.core.v1.QuobyteVolumeSource" + }, + "rbd": { + "$ref": "#/definitions/io.k8s.api.core.v1.RBDVolumeSource" + }, + "scaleIO": { + "$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOVolumeSource" + }, + "secret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretVolumeSource" + }, + "storageos": { + "$ref": "#/definitions/io.k8s.api.core.v1.StorageOSVolumeSource" + }, + "vsphereVolume": { + "$ref": "#/definitions/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeDevice": { + "additionalProperties": false, + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "devicePath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeMount": { + "additionalProperties": false, + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "name", + "mountPath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeNodeAffinity": { + "additionalProperties": false, + "properties": { + "required": { + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelector" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.VolumeProjection": { + "additionalProperties": false, + "properties": { + "configMap": { + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapProjection" + }, + "downwardAPI": { + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIProjection" + }, + "secret": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecretProjection" + }, + "serviceAccountToken": { + "$ref": "#/definitions/io.k8s.api.core.v1.ServiceAccountTokenProjection" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource": { + "additionalProperties": false, + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "required": [ + "volumePath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.WeightedPodAffinityTerm": { + "additionalProperties": false, + "properties": { + "podAffinityTerm": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "weight", + "podAffinityTerm" + ], + "type": "object" + }, + "io.k8s.api.core.v1.WindowsSecurityContextOptions": { + "additionalProperties": false, + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.HTTPIngressPath": { + "additionalProperties": false, + "properties": { + "backend": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressBackend" + }, + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + }, + "required": [ + "pathType", + "backend" + ], + "type": "object" + }, + "io.k8s.api.networking.v1.HTTPIngressRuleValue": { + "additionalProperties": false, + "properties": { + "paths": { + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.HTTPIngressPath" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "paths" + ], + "type": "object" + }, + "io.k8s.api.networking.v1.IPBlock": { + "additionalProperties": false, + "properties": { + "cidr": { + "type": "string" + }, + "except": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "cidr" + ], + "type": "object" + }, + "io.k8s.api.networking.v1.IngressBackend": { + "additionalProperties": false, + "properties": { + "resource": { + "$ref": "#/definitions/io.k8s.api.core.v1.TypedLocalObjectReference" + }, + "service": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressServiceBackend" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.IngressClassParametersReference": { + "additionalProperties": false, + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "io.k8s.api.networking.v1.IngressClassSpec": { + "additionalProperties": false, + "properties": { + "controller": { + "type": "string" + }, + "parameters": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClassParametersReference" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.IngressRule": { + "additionalProperties": false, + "properties": { + "host": { + "type": "string" + }, + "http": { + "$ref": "#/definitions/io.k8s.api.networking.v1.HTTPIngressRuleValue" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.IngressServiceBackend": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "port": { + "$ref": "#/definitions/io.k8s.api.networking.v1.ServiceBackendPort" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.networking.v1.IngressSpec": { + "additionalProperties": false, + "properties": { + "defaultBackend": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressBackend" + }, + "ingressClassName": { + "type": "string" + }, + "rules": { + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressRule" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "tls": { + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressTLS" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.IngressTLS": { + "additionalProperties": false, + "properties": { + "hosts": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.NetworkPolicyEgressRule": { + "additionalProperties": false, + "properties": { + "ports": { + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyPort" + }, + "type": "array" + }, + "to": { + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyPeer" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.NetworkPolicyIngressRule": { + "additionalProperties": false, + "properties": { + "from": { + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyPeer" + }, + "type": "array" + }, + "ports": { + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyPort" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.NetworkPolicyPeer": { + "additionalProperties": false, + "properties": { + "ipBlock": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IPBlock" + }, + "namespaceSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "podSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.NetworkPolicyPort": { + "additionalProperties": false, + "properties": { + "endPort": { + "format": "int32", + "type": "integer" + }, + "port": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + }, + "protocol": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.networking.v1.NetworkPolicySpec": { + "additionalProperties": false, + "properties": { + "egress": { + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyEgressRule" + }, + "type": "array" + }, + "ingress": { + "items": { + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyIngressRule" + }, + "type": "array" + }, + "podSelector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "policyTypes": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "podSelector" + ], + "type": "object" + }, + "io.k8s.api.networking.v1.ServiceBackendPort": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "number": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "io.k8s.api.policy.v1.PodDisruptionBudgetSpec": { + "additionalProperties": false, + "properties": { + "maxUnavailable": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + }, + "minAvailable": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "x-kubernetes-patch-strategy": "replace" + } + }, + "type": "object" + }, + "io.k8s.api.rbac.v1.AggregationRule": { + "additionalProperties": false, + "properties": { + "clusterRoleSelectors": { + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.rbac.v1.PolicyRule": { + "additionalProperties": false, + "properties": { + "apiGroups": { + "items": { + "type": "string" + }, + "type": "array" + }, + "nonResourceURLs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "resourceNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "resources": { + "items": { + "type": "string" + }, + "type": "array" + }, + "verbs": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "verbs" + ], + "type": "object" + }, + "io.k8s.api.rbac.v1.RoleRef": { + "additionalProperties": false, + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "apiGroup", + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.rbac.v1.Subject": { + "additionalProperties": false, + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceColumnDefinition": { + "additionalProperties": false, + "properties": { + "description": { + "type": "string" + }, + "format": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "name": { + "type": "string" + }, + "priority": { + "format": "int32", + "type": "integer" + }, + "type": { + "type": "string" + } + }, + "required": [ + "name", + "type", + "jsonPath" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceConversion": { + "additionalProperties": false, + "properties": { + "strategy": { + "type": "string" + }, + "webhook": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.WebhookConversion" + } + }, + "required": [ + "strategy" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionNames": { + "additionalProperties": false, + "properties": { + "categories": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "listKind": { + "type": "string" + }, + "plural": { + "type": "string" + }, + "shortNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "singular": { + "type": "string" + } + }, + "required": [ + "plural", + "kind" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionSpec": { + "additionalProperties": false, + "properties": { + "conversion": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceConversion" + }, + "group": { + "type": "string" + }, + "names": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionNames" + }, + "preserveUnknownFields": { + "type": "boolean" + }, + "scope": { + "type": "string" + }, + "versions": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionVersion" + }, + "type": "array" + } + }, + "required": [ + "group", + "names", + "scope", + "versions" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionVersion": { + "additionalProperties": false, + "properties": { + "additionalPrinterColumns": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceColumnDefinition" + }, + "type": "array" + }, + "deprecated": { + "type": "boolean" + }, + "deprecationWarning": { + "type": "string" + }, + "name": { + "type": "string" + }, + "schema": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceValidation" + }, + "served": { + "type": "boolean" + }, + "storage": { + "type": "boolean" + }, + "subresources": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresources" + } + }, + "required": [ + "name", + "served", + "storage" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresourceScale": { + "additionalProperties": false, + "properties": { + "labelSelectorPath": { + "type": "string" + }, + "specReplicasPath": { + "type": "string" + }, + "statusReplicasPath": { + "type": "string" + } + }, + "required": [ + "specReplicasPath", + "statusReplicasPath" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresourceStatus": { + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresources": { + "additionalProperties": false, + "properties": { + "scale": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresourceScale" + }, + "status": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresourceStatus" + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceValidation": { + "additionalProperties": false, + "properties": { + "openAPIV3Schema": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ExternalDocumentation": { + "additionalProperties": false, + "properties": { + "description": { + "type": "string" + }, + "url": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON": {}, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps": { + "additionalProperties": false, + "properties": { + "$ref": { + "type": "string" + }, + "$schema": { + "type": "string" + }, + "additionalItems": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool" + }, + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool" + }, + "allOf": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "array" + }, + "anyOf": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "array" + }, + "default": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON" + }, + "definitions": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "object" + }, + "dependencies": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrStringArray" + }, + "type": "object" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON" + }, + "type": "array" + }, + "example": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON" + }, + "exclusiveMaximum": { + "type": "boolean" + }, + "exclusiveMinimum": { + "type": "boolean" + }, + "externalDocs": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ExternalDocumentation" + }, + "format": { + "type": "string" + }, + "id": { + "type": "string" + }, + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrArray" + }, + "maxItems": { + "format": "int64", + "type": "integer" + }, + "maxLength": { + "format": "int64", + "type": "integer" + }, + "maxProperties": { + "format": "int64", + "type": "integer" + }, + "maximum": { + "format": "double", + "type": "number" + }, + "minItems": { + "format": "int64", + "type": "integer" + }, + "minLength": { + "format": "int64", + "type": "integer" + }, + "minProperties": { + "format": "int64", + "type": "integer" + }, + "minimum": { + "format": "double", + "type": "number" + }, + "multipleOf": { + "format": "double", + "type": "number" + }, + "not": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "nullable": { + "type": "boolean" + }, + "oneOf": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "array" + }, + "pattern": { + "type": "string" + }, + "patternProperties": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "object" + }, + "properties": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps" + }, + "type": "object" + }, + "required": { + "items": { + "type": "string" + }, + "type": "array" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + }, + "uniqueItems": { + "type": "boolean" + }, + "x-kubernetes-embedded-resource": { + "type": "boolean" + }, + "x-kubernetes-int-or-string": { + "type": "boolean" + }, + "x-kubernetes-list-map-keys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "x-kubernetes-list-type": { + "type": "string" + }, + "x-kubernetes-map-type": { + "type": "string" + }, + "x-kubernetes-preserve-unknown-fields": { + "type": "boolean" + }, + "x-kubernetes-validations": { + "items": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ValidationRule" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "rule" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "rule", + "x-kubernetes-patch-strategy": "merge" + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrArray": {}, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool": {}, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrStringArray": {}, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ServiceReference": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "path": { + "type": "string" + }, + "port": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "namespace", + "name" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ValidationRule": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + }, + "rule": { + "type": "string" + } + }, + "required": [ + "rule" + ], + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.WebhookClientConfig": { + "additionalProperties": false, + "properties": { + "caBundle": { + "format": "byte", + "type": "string" + }, + "service": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ServiceReference" + }, + "url": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.WebhookConversion": { + "additionalProperties": false, + "properties": { + "clientConfig": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.WebhookClientConfig" + }, + "conversionReviewVersions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "conversionReviewVersions" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.api.resource.Quantity": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Duration": { + "type": "string" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1": { + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector": { + "additionalProperties": false, + "properties": { + "matchExpressions": { + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement", + "default": {} + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { + "additionalProperties": false, + "properties": { + "key": { + "default": "", + "type": "string", + "x-kubernetes-patch-merge-key": "key", + "x-kubernetes-patch-strategy": "merge" + }, + "operator": { + "default": "", + "type": "string" + }, + "values": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry": { + "additionalProperties": false, + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + }, + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "creationTimestamp": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time", + "default": {} + }, + "deletionGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "deletionTimestamp": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "finalizers": { + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-patch-strategy": "merge" + }, + "generateName": { + "type": "string" + }, + "generation": { + "format": "int64", + "type": "integer" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "managedFields": { + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry", + "default": {} + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "items": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference", + "default": {} + }, + "type": "array", + "x-kubernetes-patch-merge-key": "uid", + "x-kubernetes-patch-strategy": "merge" + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference": { + "additionalProperties": false, + "properties": { + "apiVersion": { + "default": "", + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "default": "", + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "uid": { + "default": "", + "type": "string" + } + }, + "required": [ + "apiVersion", + "kind", + "name", + "uid" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Time": { + "format": "date-time", + "type": "string" + }, + "io.k8s.apimachinery.pkg.util.intstr.IntOrString": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ] + }, + "io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceSpec": { + "additionalProperties": false, + "properties": { + "caBundle": { + "format": "byte", + "type": "string", + "x-kubernetes-list-type": "atomic" + }, + "group": { + "type": "string" + }, + "groupPriorityMinimum": { + "format": "int32", + "type": "integer" + }, + "insecureSkipTLSVerify": { + "type": "boolean" + }, + "service": { + "$ref": "#/definitions/io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.ServiceReference" + }, + "version": { + "type": "string" + }, + "versionPriority": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "groupPriorityMinimum", + "versionPriority" + ], + "type": "object" + }, + "io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.ServiceReference": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "port": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitorSpec", + "default": {} + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRuleSpec", + "default": {} + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfigSpec", + "default": {} + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "metachart.api.core.v1.Container": { + "additionalProperties": false, + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "env": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "envFrom": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.EnvFromSource" + }, + "type": "array" + }, + "imageRef": { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + "lifecycle": { + "$ref": "#/definitions/io.k8s.api.core.v1.Lifecycle" + }, + "livenessProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + }, + "ports": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerPort" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "containerPort", + "x-kubernetes-patch-strategy": "merge" + }, + "readinessProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + }, + "resources": { + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + }, + "securityContext": { + "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext" + }, + "startupProbe": { + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeDevice" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "devicePath", + "x-kubernetes-patch-strategy": "merge" + }, + "volumeMounts": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "imageRef" + ], + "type": "object" + }, + "metachart.api.core.v1.ContainerList": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.core.v1.Container" + } + }, + "type": "object" + }, + "metachart.api.core.v1.Pod": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/metachart.api.core.v1.PodSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "Pod", + "version": "v1" + } + ] + }, + "metachart.api.core.v1.PodSpec": { + "additionalProperties": false, + "properties": { + "activeDeadlineSeconds": { + "format": "int64", + "type": "integer" + }, + "affinity": { + "$ref": "#/definitions/io.k8s.api.core.v1.Affinity" + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "containers": { + "$ref": "#/definitions/metachart.api.core.v1.ContainerList" + }, + "dnsConfig": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodDNSConfig" + }, + "dnsPolicy": { + "type": "string" + }, + "enableServiceLinks": { + "type": "boolean" + }, + "ephemeralContainers": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.EphemeralContainer" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "hostAliases": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.HostAlias" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "ip", + "x-kubernetes-patch-strategy": "merge" + }, + "hostIPC": { + "type": "boolean" + }, + "hostNetwork": { + "type": "boolean" + }, + "hostPID": { + "type": "boolean" + }, + "hostUsers": { + "type": "boolean" + }, + "hostname": { + "type": "string" + }, + "imagePullSecrets": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "initContainers": { + "$ref": "#/definitions/metachart.api.core.v1.ContainerList" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "nodeName": { + "type": "string" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "os": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodOS" + }, + "overhead": { + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "type": "object" + }, + "preemptionPolicy": { + "type": "string" + }, + "priority": { + "format": "int32", + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessGates": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodReadinessGate" + }, + "type": "array" + }, + "restartPolicy": { + "type": "string" + }, + "runtimeClassName": { + "type": "string" + }, + "schedulerName": { + "type": "string" + }, + "securityContext": { + "$ref": "#/definitions/io.k8s.api.core.v1.PodSecurityContext" + }, + "serviceAccount": { + "type": "string" + }, + "serviceAccountName": { + "type": "string" + }, + "setHostnameAsFQDN": { + "type": "boolean" + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "subdomain": { + "type": "string" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "tolerations": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + }, + "type": "array" + }, + "topologySpreadConstraints": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "topologyKey", + "x-kubernetes-patch-strategy": "merge" + }, + "volumes": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.Volume" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge,retainKeys" + } + }, + "required": [ + "containers" + ], + "type": "object" + }, + "metachart.api.internal.Image": { + "additionalProperties": false, + "properties": { + "pullPolicy": { + "enum": [ + "Always", + "IfNotPresent" + ], + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + }, + "required": [ + "repository", + "tag", + "pullPolicy" + ], + "type": "object" + }, + "metachart.api.internal.volumeClaimTemplates": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecretSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecretSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.external-secrets.apis.externalsecrets.v1beta1.SecretStoreSpec", + "default": {} + } + }, + "type": "object" + }, + "metachart.api.io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "webhooks": { + "items": { + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MutatingWebhook" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "admissionregistration.k8s.io", + "kind": "MutatingWebhookConfiguration", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "webhooks": { + "items": { + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingWebhook" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "admissionregistration.k8s.io", + "kind": "ValidatingWebhookConfiguration", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.apps.v1.DaemonSet": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "related": { + "properties": { + "podmonitors": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor" + } + }, + "type": "object" + }, + "services": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.Service" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "spec": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.DaemonSetSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "DaemonSet", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.apps.v1.DaemonSetSpec": { + "additionalProperties": false, + "properties": { + "minReadySeconds": { + "format": "int32", + "type": "integer" + }, + "pod": { + "$ref": "#/definitions/metachart.api.core.v1.Pod" + }, + "revisionHistoryLimit": { + "format": "int32", + "type": "integer" + }, + "updateStrategy": { + "$ref": "#/definitions/io.k8s.api.apps.v1.DaemonSetUpdateStrategy" + } + }, + "required": [ + "pod" + ], + "type": "object" + }, + "metachart.api.io.k8s.api.apps.v1.Deployment": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "related": { + "properties": { + "poddisruptionbudgets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.policy.v1.PodDisruptionBudget" + } + }, + "type": "object" + }, + "podmonitors": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor" + } + }, + "type": "object" + }, + "services": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.Service" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "spec": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.DeploymentSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "Deployment", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.apps.v1.DeploymentSpec": { + "additionalProperties": false, + "properties": { + "minReadySeconds": { + "format": "int32", + "type": "integer" + }, + "paused": { + "type": "boolean" + }, + "pod": { + "$ref": "#/definitions/metachart.api.core.v1.Pod" + }, + "progressDeadlineSeconds": { + "format": "int32", + "type": "integer" + }, + "replicas": { + "format": "int32", + "type": "integer" + }, + "revisionHistoryLimit": { + "format": "int32", + "type": "integer" + }, + "strategy": { + "$ref": "#/definitions/io.k8s.api.apps.v1.DeploymentStrategy", + "x-kubernetes-patch-strategy": "retainKeys" + } + }, + "required": [ + "pod" + ], + "type": "object" + }, + "metachart.api.io.k8s.api.apps.v1.StatefulSet": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "related": { + "properties": { + "poddisruptionbudgets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.policy.v1.PodDisruptionBudget" + } + }, + "type": "object" + }, + "podmonitors": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor" + } + }, + "type": "object" + }, + "services": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.Service" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "spec": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.StatefulSetSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "StatefulSet", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.apps.v1.StatefulSetSpec": { + "additionalProperties": false, + "properties": { + "minReadySeconds": { + "format": "int32", + "type": "integer" + }, + "persistentVolumeClaimRetentionPolicy": { + "$ref": "#/definitions/io.k8s.api.apps.v1.StatefulSetPersistentVolumeClaimRetentionPolicy" + }, + "pod": { + "$ref": "#/definitions/metachart.api.core.v1.Pod" + }, + "podManagementPolicy": { + "type": "string" + }, + "replicas": { + "format": "int32", + "type": "integer" + }, + "revisionHistoryLimit": { + "format": "int32", + "type": "integer" + }, + "serviceName": { + "type": "string" + }, + "updateStrategy": { + "$ref": "#/definitions/io.k8s.api.apps.v1.StatefulSetUpdateStrategy" + }, + "volumeClaimTemplates": { + "$ref": "#/definitions/metachart.api.internal.volumeClaimTemplates" + } + }, + "required": [ + "serviceName", + "pod" + ], + "type": "object" + }, + "metachart.api.io.k8s.api.autoscaling.v1.HorizontalPodAutoscaler": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.autoscaling.v1.HorizontalPodAutoscalerSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "autoscaling", + "kind": "HorizontalPodAutoscaler", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.batch.v1.CronJob": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/metachart.api.io.k8s.api.batch.v1.CronJobSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "batch", + "kind": "CronJob", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.batch.v1.CronJobSpec": { + "additionalProperties": false, + "properties": { + "concurrencyPolicy": { + "type": "string" + }, + "failedJobsHistoryLimit": { + "format": "int32", + "type": "integer" + }, + "job": { + "$ref": "#/definitions/metachart.api.io.k8s.api.batch.v1.Job" + }, + "schedule": { + "type": "string" + }, + "startingDeadlineSeconds": { + "format": "int64", + "type": "integer" + }, + "successfulJobsHistoryLimit": { + "format": "int32", + "type": "integer" + }, + "suspend": { + "type": "boolean" + }, + "timeZone": { + "type": "string" + } + }, + "required": [ + "schedule", + "job" + ], + "type": "object" + }, + "metachart.api.io.k8s.api.batch.v1.Job": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/metachart.api.io.k8s.api.batch.v1.JobSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "batch", + "kind": "Job", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.batch.v1.JobSpec": { + "additionalProperties": false, + "properties": { + "activeDeadlineSeconds": { + "format": "int64", + "type": "integer" + }, + "backoffLimit": { + "format": "int32", + "type": "integer" + }, + "completionMode": { + "type": "string" + }, + "completions": { + "format": "int32", + "type": "integer" + }, + "manualSelector": { + "type": "boolean" + }, + "parallelism": { + "format": "int32", + "type": "integer" + }, + "pod": { + "$ref": "#/definitions/metachart.api.core.v1.Pod" + }, + "podFailurePolicy": { + "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicy" + }, + "selector": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "suspend": { + "type": "boolean" + }, + "ttlSecondsAfterFinished": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "pod" + ], + "type": "object" + }, + "metachart.api.io.k8s.api.certificates.v1.CertificateSigningRequest": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.certificates.v1.CertificateSigningRequestSpec" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "certificates.k8s.io", + "kind": "CertificateSigningRequest", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.core.v1.ConfigMap": { + "additionalProperties": false, + "properties": { + "binaryData": { + "additionalProperties": { + "format": "byte", + "type": "string" + }, + "type": "object" + }, + "data": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "immutable": { + "type": "boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "ConfigMap", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.core.v1.PersistentVolume": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "PersistentVolume", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.core.v1.PersistentVolumeClaim": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.core.v1.Secret": { + "additionalProperties": false, + "properties": { + "data": { + "additionalProperties": { + "format": "byte", + "type": "string" + }, + "type": "object" + }, + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "immutable": { + "type": "boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "stringData": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "Secret", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.core.v1.Service": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.core.v1.ServiceSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "Service", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.core.v1.ServiceAccount": { + "additionalProperties": false, + "properties": { + "automountServiceAccountToken": { + "type": "boolean" + }, + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "imagePullSecrets": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "type": "array" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "secrets": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "ServiceAccount", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.networking.v1.Ingress": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.networking.v1.IngressClass": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.networking.v1.IngressClassSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "IngressClass", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.networking.v1.NetworkPolicy": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicySpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.policy.v1.PodDisruptionBudget": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.api.policy.v1.PodDisruptionBudgetSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "policy", + "kind": "PodDisruptionBudget", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.rbac.v1.ClusterRole": { + "additionalProperties": false, + "properties": { + "aggregationRule": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.AggregationRule" + }, + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "rules": { + "items": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.PolicyRule" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.rbac.v1.ClusterRoleBinding": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "roleRef": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleRef" + }, + "subjects": { + "items": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.Subject" + }, + "type": "array" + } + }, + "required": [ + "roleRef" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "ClusterRoleBinding", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.rbac.v1.Role": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "rules": { + "items": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.PolicyRule" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "Role", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.rbac.v1.RoleBinding": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "roleRef": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleRef" + }, + "subjects": { + "items": { + "$ref": "#/definitions/io.k8s.api.rbac.v1.Subject" + }, + "type": "array" + } + }, + "required": [ + "roleRef" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "RoleBinding", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.scheduling.v1.PriorityClass": { + "additionalProperties": false, + "properties": { + "description": { + "type": "string" + }, + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "globalDefault": { + "type": "boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "preemptionPolicy": { + "type": "string" + }, + "value": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "value" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "scheduling.k8s.io", + "kind": "PriorityClass", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.api.storage.v1.StorageClass": { + "additionalProperties": false, + "properties": { + "allowVolumeExpansion": { + "type": "boolean" + }, + "allowedTopologies": { + "items": { + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySelectorTerm" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "mountOptions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "provisioner": { + "type": "string" + }, + "reclaimPolicy": { + "type": "string" + }, + "volumeBindingMode": { + "type": "string" + } + }, + "required": [ + "provisioner" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "storage.k8s.io", + "kind": "StorageClass", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinition": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionSpec" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apiextensions.k8s.io", + "kind": "CustomResourceDefinition", + "version": "v1" + } + ] + }, + "metachart.api.io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIService": { + "additionalProperties": false, + "properties": { + "enabled": { + "$ref": "#/definitions/metachart.interface.boolean" + }, + "metadata": { + "$ref": "#/definitions/metachart.api.meta.v1.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceSpec" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apiregistration.k8s.io", + "kind": "APIService", + "version": "v1" + } + ] + }, + "metachart.api.meta.v1.ObjectMeta": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "checksums": { + "$ref": "#/definitions/metachart.interface.checksums" + }, + "finalizers": { + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-patch-strategy": "merge" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "metachart.interface.FQDNitem": { + "pattern": "^[a-z][0-9a-z]*(-[0-9a-z]+)*$", + "type": "string" + }, + "metachart.interface.boolean": { + "type": "boolean" + }, + "metachart.interface.checksumEntryList": { + "anyOf": [ + { + "items": { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + "type": "array" + }, + { + "enum": [ + "*" + ] + } + ] + }, + "metachart.interface.checksums": { + "properties": { + "alertmanagerconfigs": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "apiservices": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "certificatesigningrequests": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "clusterexternalsecrets": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "clusterrolebindings": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "clusterroles": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "clustersecretstores": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "configmaps": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "cronjobs": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "customresourcedefinitions": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "daemonsets": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "deployments": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "externalsecrets": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "horizontalpodautoscalers": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "images": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "ingressclasses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "ingresses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "jobs": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "mutatingwebhookconfigurations": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "networkpolicies": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "persistentvolumeclaims": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "persistentvolumes": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "poddisruptionbudgets": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "podmonitors": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "pods": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "priorityclasses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "prometheusrules": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "rolebindings": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "roles": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "secrets": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "secretstores": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "serviceaccounts": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "services": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "statefulsets": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "storageclasses": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + }, + "validatingwebhookconfigurations": { + "$ref": "#/definitions/metachart.interface.checksumEntryList" + } + }, + "type": "object" + } + }, + "properties": { + "alertmanagerconfigs": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig" + } + }, + "type": "object" + }, + "apiservices": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIService" + } + }, + "type": "object" + }, + "certificatesigningrequests": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.certificates.v1.CertificateSigningRequest" + } + }, + "type": "object" + }, + "clusterexternalsecrets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret" + } + }, + "type": "object" + }, + "clusterrolebindings": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.ClusterRoleBinding" + } + }, + "type": "object" + }, + "clusterroles": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.ClusterRole" + } + }, + "type": "object" + }, + "clustersecretstores": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore" + } + }, + "type": "object" + }, + "configmaps": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.ConfigMap" + } + }, + "type": "object" + }, + "context": { + "description": "Any content which can be used for config rendering without schema defined by the chart", + "type": "object" + }, + "cronjobs": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.batch.v1.CronJob" + } + }, + "type": "object" + }, + "customresourcedefinitions": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinition" + } + }, + "type": "object" + }, + "daemonsets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.DaemonSet" + } + }, + "type": "object" + }, + "deployments": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.Deployment" + } + }, + "type": "object" + }, + "externalsecrets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret" + } + }, + "type": "object" + }, + "fullnameOverride": { + "anyOf": [ + { + "$ref": "#/definitions/metachart.interface.FQDNitem" + }, + { + "type": "null" + } + ] + }, + "horizontalpodautoscalers": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.autoscaling.v1.HorizontalPodAutoscaler" + } + }, + "type": "object" + }, + "images": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.internal.Image" + } + }, + "type": "object" + }, + "ingressclasses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.networking.v1.IngressClass" + } + }, + "type": "object" + }, + "ingresses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.networking.v1.Ingress" + } + }, + "type": "object" + }, + "jobs": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.batch.v1.Job" + } + }, + "type": "object" + }, + "mutatingwebhookconfigurations": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration" + } + }, + "type": "object" + }, + "networkpolicies": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.networking.v1.NetworkPolicy" + } + }, + "type": "object" + }, + "persistentvolumeclaims": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "type": "object" + }, + "persistentvolumes": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.PersistentVolume" + } + }, + "type": "object" + }, + "poddisruptionbudgets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.policy.v1.PodDisruptionBudget" + } + }, + "type": "object" + }, + "podmonitors": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor" + } + }, + "type": "object" + }, + "pods": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.core.v1.Pod" + } + }, + "type": "object" + }, + "priorityclasses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.scheduling.v1.PriorityClass" + } + }, + "type": "object" + }, + "prometheusrules": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule" + } + }, + "type": "object" + }, + "rolebindings": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.RoleBinding" + } + }, + "type": "object" + }, + "roles": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.Role" + } + }, + "type": "object" + }, + "secrets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.Secret" + } + }, + "type": "object" + }, + "secretstores": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore" + } + }, + "type": "object" + }, + "serviceaccounts": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.ServiceAccount" + } + }, + "type": "object" + }, + "services": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.Service" + } + }, + "type": "object" + }, + "settings": { + "additionalProperties": false, + "properties": { + "alertmanagerconfigs": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1beta1.AlertmanagerConfig" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "apiservices": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIService" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "certificatesigningrequests": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.certificates.v1.CertificateSigningRequest" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "clusterexternalsecrets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterExternalSecret" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "clusterrolebindings": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.ClusterRoleBinding" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "clusterroles": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.ClusterRole" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "clustersecretstores": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ClusterSecretStore" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "configmaps": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.ConfigMap" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "containers": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.core.v1.Container" + } + }, + "type": "object" + }, + "cronjobs": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.batch.v1.CronJob" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "customresourcedefinitions": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinition" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "daemonsets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.DaemonSet" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "deployments": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.Deployment" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "externalsecrets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.ExternalSecret" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "global": { + "additionalProperties": false, + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "horizontalpodautoscalers": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.autoscaling.v1.HorizontalPodAutoscaler" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "images": { + "properties": { + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "ingressclasses": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.networking.v1.IngressClass" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "ingresses": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.networking.v1.Ingress" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "jobs": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.batch.v1.Job" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "mutatingwebhookconfigurations": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "networkpolicies": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.networking.v1.NetworkPolicy" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "persistentvolumeclaims": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.PersistentVolumeClaim" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "persistentvolumes": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.PersistentVolume" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "poddisruptionbudgets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.policy.v1.PodDisruptionBudget" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "podmonitors": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PodMonitor" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "pods": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.core.v1.Pod" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "priorityclasses": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.scheduling.v1.PriorityClass" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "prometheusrules": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.com.coreos.monitoring.pkg.apis.monitoring.v1.PrometheusRule" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "rolebindings": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.RoleBinding" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "roles": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.rbac.v1.Role" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "secrets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.Secret" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "secretstores": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.external-secrets.apis.externalsecrets.v1beta1.SecretStore" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "serviceaccounts": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.ServiceAccount" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "services": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.core.v1.Service" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "statefulsets": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.StatefulSet" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "storageclasses": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.storage.v1.StorageClass" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + }, + "validatingwebhookconfigurations": { + "properties": { + "defaults": { + "$ref": "#/definitions/metachart.api.io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration" + }, + "disabled": { + "description": "Disable all resources of this kind", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "statefulsets": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.apps.v1.StatefulSet" + } + }, + "type": "object" + }, + "storageclasses": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.storage.v1.StorageClass" + } + }, + "type": "object" + }, + "validatingwebhookconfigurations": { + "additionalProperties": false, + "patternProperties": { + "^[a-z][0-9a-z]*(-[0-9a-z]+)*$": { + "$ref": "#/definitions/metachart.api.io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration" + } + }, + "type": "object" + } + } +} \ No newline at end of file diff --git a/charts/simple/values.yaml b/charts/simple/values.yaml new file mode 100644 index 0000000..a4840db --- /dev/null +++ b/charts/simple/values.yaml @@ -0,0 +1,10 @@ +# context can be used to define any user-provided structure to use in values +# templating +context: {} + +# fullnameOverride overrides value of $.Release.Name for resources release name +# prefixes +fullnameOverride: + +# settings configures chart behaviour +settings: {}