github/podinfo
1
0
Fork 0
mirror of https://github.com/stefanprodan/podinfo.git synced 2026-02-14 18:29:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Timoni module

Browse Source 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This commit is contained in:
Stefan Prodan
2023-09-23 00:33:36 +03:00
parent aaa47e535f
commit dfc4a6d37e
125 changed files with 27290 additions and 421 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitattributes vendored Normal file
View File

@@ -0,0 +1 @@
timoni/podinfo/cue.mod/* linguist-vendored

31
.github/workflows/test.yml vendored
View File

@@ -17,17 +17,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Restore Go cache
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-go-
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v3
uses: actions/setup-go@v4
with:
go-version: 1.21.x
cache-dependency-path: |
**/go.sum
**/go.mod
- name: Setup kubectl
uses: azure/setup-kubectl@v3
with:
@@ -39,7 +36,9 @@ jobs:
with:
version: v3.10.3
- name: Setup CUE
uses: cue-lang/setup-cue@main
uses: cue-lang/setup-cue@v1.0.0
- name: Setup Timoni
uses: stefanprodan/timoni/actions/setup@main
- name: Run unit tests
run: make test
- name: Validate Helm chart
@@ -49,12 +48,10 @@ jobs:
- name: Validate Kustomize overlay
run: |
kubectl kustomize ./kustomize/ | kubeconform -strict -summary -kubernetes-version ${{ env.KUBERNETES_VERSION }}
- name: Generate CUE definitions
run: make cue-mod
- name: Verify CUE formatting
working-directory: ./cue
working-directory: ./timoni/podinfo
run: |
cue fmt .
cue fmt ./..
status=$(git status . --porcelain)
[[ -z "$status" ]] || {
echo "CUE files are not correctly formatted"
@@ -62,11 +59,11 @@ jobs:
git diff
exit 1
}
- name: Validate CUE
working-directory: ./cue
- name: Validate Timoni module
working-directory: ./timoni/podinfo
run: |
cue vet --all-errors --concrete .
cue gen | kubeconform -strict -summary -skip=ServiceMonitor -kubernetes-version ${{ env.KUBERNETES_VERSION }}
timoni mod lint .
timoni build podinfo . -f test_values.cue | kubeconform -strict -summary -skip=ServiceMonitor -kubernetes-version ${{ env.KUBERNETES_VERSION }}
- name: Check if working tree is dirty
run: |
if [[ $(git diff --stat) != '' ]]; then

17
Makefile
View File

@@ -82,8 +82,8 @@ version-set:
/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/webapp/backend/deployment.yaml && \
/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/frontend/deployment.yaml && \
/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/backend/deployment.yaml && \
/usr/bin/sed -i '' "s/$$current/$$next/g" cue/main.cue && \
echo "Version $$next set in code, deployment, chart and kustomize"
/usr/bin/sed -i '' "s/$$current/$$next/g" timoni/podinfo/values.cue && \
echo "Version $$next set in code, deployment, module, chart and kustomize"
release:
git tag -s -m $(VERSION) $(VERSION)
@@ -95,13 +95,6 @@ swagger:
go get github.com/swaggo/swag/cmd/swag@latest
cd pkg/api && $$(go env GOPATH)/bin/swag init -g server.go
.PHONY: cue-mod
cue-mod:
@cd cue && go mod init github.com/stefanprodan/podinfo/cue
@cd cue && go get k8s.io/api/...
@cd cue && cue get go k8s.io/api/...
.PHONY: cue-gen
cue-gen:
@cd cue && cue fmt ./... && cue vet --all-errors --concrete ./...
@cd cue && cue gen
.PHONY: timoni-build
timoni-build:
@timoni build podinfo ./timoni/podinfo -f ./timoni/podinfo/test_values.cue

60
cue/README.md
View File

@@ -1,60 +0,0 @@
# Podinfo CUE module
This directory contains a [CUE](https://cuelang.org/docs/) module and tooling
for generating podinfo's Kubernetes resources.
The module contains a `podinfo.#Application` definition which takes `podinfo.#Config` as input.
## Prerequisites
Install CUE with:
```shell
brew install cue
```
Generate the Kubernetes API definitions required by this module with:
```shell
go mod init github.com/stefanprodan/podinfo/cue
go get k8s.io/api/...
cue get go k8s.io/api/...
```
## Configuration
Configure the application in `main.cue`:
```cue
app: podinfo.#Application & {
config: {
meta: {
name: "podinfo"
namespace: "default"
}
image: tag: "6.1.3"
resources: requests: {
cpu: "100m"
memory: "16Mi"
}
hpa: {
enabled: true
maxReplicas: 3
}
ingress: {
enabled: true
className: "nginx"
host: "podinfo.example.com"
tls: true
annotations: "cert-manager.io/cluster-issuer": "letsencrypt"
}
serviceMonitor: enabled: true
}
}
```
## Generate the manifests
```shell
cue gen
```

1
cue/cue.mod/module.cue
View File

@@ -1 +0,0 @@
module: "github.com/stefanprodan/podinfo/cue"

33
cue/main.cue
View File

@@ -1,33 +0,0 @@
package main
import (
podinfo "github.com/stefanprodan/podinfo/cue/podinfo"
)
app: podinfo.#Application & {
config: {
meta: {
name: "podinfo"
namespace: "default"
}
image: tag: "6.4.1"
resources: requests: {
cpu: "100m"
memory: "16Mi"
}
hpa: {
enabled: true
maxReplicas: 3
}
ingress: {
enabled: true
className: "nginx"
host: "podinfo.example.com"
tls: true
annotations: "cert-manager.io/cluster-issuer": "letsencrypt"
}
serviceMonitor: enabled: true
}
}
objects: app.objects

12
cue/main_tool.cue
View File

@@ -1,12 +0,0 @@
package main
import (
"tool/cli"
"encoding/yaml"
)
command: gen: {
task: print: cli.Print & {
text: yaml.MarshalStream([ for x in objects {x}])
}
}

26
cue/podinfo/app.cue
View File

@@ -1,26 +0,0 @@
package podinfo
#Application: {
config: #Config
objects: {
service: #Service & {_config: config}
account: #ServiceAccount & {_config: config}
deployment: #Deployment & {
_config: config
_serviceAccount: account.metadata.name
}
}
if config.hpa.enabled == true {
objects: hpa: #HorizontalPodAutoscaler & {_config: config}
}
if config.ingress.enabled == true {
objects: ingress: #Ingress & {_config: config}
}
if config.serviceMonitor.enabled == true {
objects: serviceMonitor: #ServiceMonitor & {_config: config}
}
}

41
cue/podinfo/config.cue
View File

@@ -1,41 +0,0 @@
package podinfo
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
corev1 "k8s.io/api/core/v1"
)
#Config: {
meta: metav1.#ObjectMeta
hpa: #hpaConfig
ingress: #ingressConfig
service: #serviceConfig
serviceMonitor: #serviceMonConfig
image: {
repository: *"ghcr.io/stefanprodan/podinfo" | string
pullPolicy: *"IfNotPresent" | string
tag: string
}
cache?: string & =~"^tcp://"
backends: [...string]
logLevel: *"info" | string
replicas: *1 | int
resources: *{
requests: {
cpu: "1m"
memory: "16Mi"
}
limits: memory: "128Mi"
} | corev1.#ResourceRequirements
selectorLabels: *{"app.kubernetes.io/name": meta.name} | {[ string]: string}
meta: annotations: *{"app.kubernetes.io/version": "\(image.tag)"} | {[ string]: string}
meta: labels: *selectorLabels | {[ string]: string}
securityContext?: corev1.#PodSecurityContext
affinity?: corev1.#Affinity
tolerations?: [ ...corev1.#Toleration]
}

110
cue/podinfo/deployment.cue
View File

@@ -1,110 +0,0 @@
package podinfo
import (
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
)
#Deployment: appsv1.#Deployment & {
_config: #Config
_serviceAccount: string
apiVersion: "apps/v1"
kind: "Deployment"
metadata: _config.meta
spec: appsv1.#DeploymentSpec & {
if !_config.hpa.enabled {
replicas: _config.replicas
}
strategy: {
type: "RollingUpdate"
rollingUpdate: maxUnavailable: 1
}
selector: matchLabels: _config.selectorLabels
template: {
metadata: {
labels: _config.selectorLabels
if !_config.serviceMonitor.enabled {
annotations: {
"prometheus.io/scrape": "true"
"prometheus.io/port": "\(_config.service.metricsPort)"
}
}
}
spec: corev1.#PodSpec & {
terminationGracePeriodSeconds: 15
serviceAccountName: _serviceAccount
containers: [
{
name: "podinfo"
image: "\(_config.image.repository):\(_config.image.tag)"
imagePullPolicy: _config.image.pullPolicy
command: [
"./podinfo",
"--port=\(_config.service.httpPort)",
"--port-metrics=\(_config.service.metricsPort)",
"--grpc-port=\(_config.service.grpcPort)",
"--level=\(_config.logLevel)",
if _config.cache != _|_ {
"--cache-server=\(_config.cache)"
},
for b in _config.backends {
"--backend-url=\(b)"
},
]
ports: [
{
name: "http"
containerPort: _config.service.httpPort
protocol: "TCP"
},
{
name: "http-metrics"
containerPort: _config.service.metricsPort
protocol: "TCP"
},
{
name: "grpc"
containerPort: _config.service.grpcPort
protocol: "TCP"
},
]
livenessProbe: {
httpGet: {
path: "/healthz"
port: "http"
}
}
readinessProbe: {
httpGet: {
path: "/readyz"
port: "http"
}
}
volumeMounts: [
{
name: "data"
mountPath: "/data"
},
]
resources: _config.resources
if _config.securityContext != _|_ {
securityContext: _config.securityContext
}
},
]
if _config.affinity != _|_ {
affinity: _config.affinity
}
if _config.tolerations != _|_ {
tolerations: _config.tolerations
}
volumes: [
{
name: "data"
emptyDir: {}
},
]
}
}
}
}

44
cue/podinfo/service.cue
View File

@@ -1,44 +0,0 @@
package podinfo
import (
corev1 "k8s.io/api/core/v1"
)
#serviceConfig: {
type: *"ClusterIP" | string
externalPort: *9898 | int
httpPort: *9898 | int
metricsPort: *9797 | int
grpcPort: *9999 | int
}
#Service: corev1.#Service & {
_config: #Config
apiVersion: "v1"
kind: "Service"
metadata: _config.meta
spec: corev1.#ServiceSpec & {
type: _config.service.type
selector: _config.selectorLabels
ports: [
{
name: "http"
port: _config.service.externalPort
targetPort: "\(name)"
protocol: "TCP"
},
{
name: "http-metrics"
port: _config.service.metricsPort
targetPort: "\(name)"
protocol: "TCP"
},
{
name: "grpc"
port: _config.service.grpcPort
targetPort: "\(name)"
protocol: "TCP"
},
]
}
}

12
cue/podinfo/serviceaccount.cue
View File

@@ -1,12 +0,0 @@
package podinfo
import (
corev1 "k8s.io/api/core/v1"
)
#ServiceAccount: corev1.#ServiceAccount & {
_config: #Config
apiVersion: "v1"
kind: "ServiceAccount"
metadata: _config.meta
}

22
cue/podinfo/servicemonitor.cue
View File

@@ -1,22 +0,0 @@
package podinfo
#serviceMonConfig: {
enabled: *false | bool
interval: *"15s" | string
}
#ServiceMonitor: {
_config: #Config
apiVersion: "monitoring.coreos.com/v1"
kind: "ServiceMonitor"
metadata: _config.meta
spec: {
endpoints: [{
path: "/metrics"
port: "http-metrics"
interval: _config.serviceMonitor.interval
}]
namespaceSelector: matchNames: [_config.meta.namespace]
selector: matchLabels: _config.meta.labels
}
}

131
timoni/podinfo/README.md Normal file
View File

@@ -0,0 +1,131 @@
# Podinfo
[Podinfo](https://github.com/stefanprodan/podinfo) is a tiny web application
made with Go that showcases best practices of running microservices in Kubernetes.
## Module Repository
This module is available on GitHub Container Registry at
[ghcr.io/stefanprodan/modules/podinfo](https://github.com/stefanprodan/podinfo/pkgs/container/modules%2Fpodinfo).
## Install
To create an instance using the default values:
```shell
timoni -n default apply podinfo oci://ghcr.io/stefanprodan/modules/podinfo
```
To install a specific module version:
```shell
timoni -n default apply podinfo oci://ghcr.io/stefanprodan/modules/podinfo -v 6.3.5
```
To change the [default configuration](#configuration),
create one or more `values.cue` files and apply them to the instance.
For example, create a file `my-values.cue` with the following content:
```cue
values: {
resources: requests: {
cpu: "100m"
memory: "128Mi"
}
}
```
And apply the values with:
```shell
timoni -n default apply podinfo oci://ghcr.io/stefanprodan/modules/podinfo \
--values ./my-values.cue
```
## Uninstall
To uninstall an instance and delete all its Kubernetes resources:
```shell
timoni -n default delete podinfo
```
## Configuration
### General values
| Key | Type | Default | Description |
|------------------------------|-----------------------------------------|--------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------|
| `image: tag:` | `string` | `<latest version>` | Container image tag |
| `image: digest:` | `string` | `""` | Container image digest, takes precedence over `tag` when specified |
| `image: repository:` | `string` | `ghcr.io/stefanprodan/podinfo` | Container image repository |
| `image: pullPolicy:` | `string` | `IfNotPresent` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) |
| `metadata: labels:` | `{[ string]: string}` | `{}` | Common labels for all resources |
| `metadata: annotations:` | `{[ string]: string}` | `{}` | Common annotations for all resources |
| `podAnnotations:` | `{[ string]: string}` | `{}` | Annotations applied to pods |
| `imagePullSecrets:` | `[...corev1.LocalObjectReference]` | `[]` | [Kubernetes image pull secrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) |
| `tolerations:` | `[ ...corev1.#Toleration]` | `[]` | [Kubernetes toleration](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration) |
| `affinity:` | `corev1.#Affinity` | `{}` | [Kubernetes affinity and anti-affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) |
| `resources:` | `corev1.#ResourceRequirements` | `{}` | [Kubernetes resource requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) |
| `topologySpreadConstraints:` | `[...corev1.#TopologySpreadConstraint]` | `[]` | [Kubernetes pod topology spread constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints) |
| `podSecurityContext:` | `corev1.#PodSecurityContext` | `{}` | [Kubernetes pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context) |
| `securityContext:` | `corev1.#SecurityContext` | `{}` | [Kubernetes container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context) |
#### Recommended values
Comply with the
restricted [Kubernetes pod security standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/):
```cue
values: {
podSecurityContext: {
runAsUser: 100
runAsGroup: 101
fsGroup: 101
}
securityContext: {
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities: drop: ["ALL"]
seccompProfile: type: "RuntimeDefault"
}
}
```
### Autoscaling values
| Key | Type | Default | Description |
|-----------------------------|----------|---------------|--------------------------------------------------------------------------------------------------------------|
| `replicas:` | `int` | `1` | Number of pods when autoscaling is disabled |
| `autoscaling: enabled:` | `bool` | `false` | Enable [Kubernetes HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) creation |
| `autoscaling: minReplicas:` | `int` | `replicas` | Minimum number of pods |
| `autoscaling: maxReplicas:` | `int` | `minReplicas` | Maximum number of pods |
| `autoscaling: cpu:` | `int` | `99` | CPU average utilization (percentage) |
| `autoscaling: memory:` | `string` | `""` | memory average value (e.g. `1024Mi`) |
### Ingress values
| Key | Type | Default | Description |
|-------------------------|-----------------------|-----------------|--------------------------------------------------------------------------------------------------------|
| `service: port:` | `int` | `80` | Kubernetes Service ClusterIP port |
| `ingress: enabled:` | `bool` | `false` | Enable [Kubernetes Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) creation |
| `ingress: tls:` | `bool` | `false` | Enable TLS (requires cert-manager) |
| `ingress: host:` | `string` | `podinfo.local` | Ingress host |
| `ingress: className:` | `string` | `""` | Ingress class name |
| `ingress: annotations:` | `{[ string]: string}` | `{}` | Annotations applied to ingress |
### Monitoring values
| Key | Type | Default | Description |
|-------------------------|----------|---------|-------------------------------------------------------------------------------|
| `monitoring: enabled:` | `bool` | `false` | Enable [Prometheus ServiceMonitor](https://prometheus-operator.dev/) creation |
| `monitoring: interval:` | `string` | `15s` | Prometheus scrape interval |
### Cashing values
| Key | Type | Default | Description |
|----------------------|----------|---------|---------------------------------------------------------|
| `caching: enabled:` | `bool` | `false` | Enable Redis caching |
| `caching: redisURL:` | `string` | `""` | Redis URL in the format `tcp://:[password]@host[:port]` |

7
timoni/podinfo/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admission/v1
package v1
#GroupName: "admission.k8s.io"

172
timoni/podinfo/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,172 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admission/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
authenticationv1 "k8s.io/api/authentication/v1"
"k8s.io/apimachinery/pkg/runtime"
)
// AdmissionReview describes an admission review request/response.
#AdmissionReview: {
metav1.#TypeMeta
// Request describes the attributes for the admission request.
// +optional
request?: null | #AdmissionRequest @go(Request,*AdmissionRequest) @protobuf(1,bytes,opt)
// Response describes the attributes for the admission response.
// +optional
response?: null | #AdmissionResponse @go(Response,*AdmissionResponse) @protobuf(2,bytes,opt)
}
// AdmissionRequest describes the admission.Attributes for the admission request.
#AdmissionRequest: {
// UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are
// otherwise identical (parallel requests, requests when earlier requests did not modify etc)
// The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request.
// It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.
uid: types.#UID @go(UID) @protobuf(1,bytes,opt)
// Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale)
kind: metav1.#GroupVersionKind @go(Kind) @protobuf(2,bytes,opt)
// Resource is the fully-qualified resource being requested (for example, v1.pods)
resource: metav1.#GroupVersionResource @go(Resource) @protobuf(3,bytes,opt)
// SubResource is the subresource being requested, if any (for example, "status" or "scale")
// +optional
subResource?: string @go(SubResource) @protobuf(4,bytes,opt)
// RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale).
// If this is specified and differs from the value in "kind", an equivalent match and conversion was performed.
//
// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
// an API request to apps/v1beta1 deployments would be converted and sent to the webhook
// with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for),
// and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request).
//
// See documentation for the "matchPolicy" field in the webhook configuration type for more details.
// +optional
requestKind?: null | metav1.#GroupVersionKind @go(RequestKind,*metav1.GroupVersionKind) @protobuf(13,bytes,opt)
// RequestResource is the fully-qualified resource of the original API request (for example, v1.pods).
// If this is specified and differs from the value in "resource", an equivalent match and conversion was performed.
//
// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
// an API request to apps/v1beta1 deployments would be converted and sent to the webhook
// with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for),
// and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request).
//
// See documentation for the "matchPolicy" field in the webhook configuration type.
// +optional
requestResource?: null | metav1.#GroupVersionResource @go(RequestResource,*metav1.GroupVersionResource) @protobuf(14,bytes,opt)
// RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale")
// If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed.
// See documentation for the "matchPolicy" field in the webhook configuration type.
// +optional
requestSubResource?: string @go(RequestSubResource) @protobuf(15,bytes,opt)
// Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and
// rely on the server to generate the name. If that is the case, this field will contain an empty string.
// +optional
name?: string @go(Name) @protobuf(5,bytes,opt)
// Namespace is the namespace associated with the request (if any).
// +optional
namespace?: string @go(Namespace) @protobuf(6,bytes,opt)
// Operation is the operation being performed. This may be different than the operation
// requested. e.g. a patch can result in either a CREATE or UPDATE Operation.
operation: #Operation @go(Operation) @protobuf(7,bytes,opt)
// UserInfo is information about the requesting user
userInfo: authenticationv1.#UserInfo @go(UserInfo) @protobuf(8,bytes,opt)
// Object is the object from the incoming request.
// +optional
object?: runtime.#RawExtension @go(Object) @protobuf(9,bytes,opt)
// OldObject is the existing object. Only populated for DELETE and UPDATE requests.
// +optional
oldObject?: runtime.#RawExtension @go(OldObject) @protobuf(10,bytes,opt)
// DryRun indicates that modifications will definitely not be persisted for this request.
// Defaults to false.
// +optional
dryRun?: null | bool @go(DryRun,*bool) @protobuf(11,varint,opt)
// Options is the operation option structure of the operation being performed.
// e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be
// different than the options the caller provided. e.g. for a patch request the performed
// Operation might be a CREATE, in which case the Options will a
// `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`.
// +optional
options?: runtime.#RawExtension @go(Options) @protobuf(12,bytes,opt)
}
// AdmissionResponse describes an admission response.
#AdmissionResponse: {
// UID is an identifier for the individual request/response.
// This must be copied over from the corresponding AdmissionRequest.
uid: types.#UID @go(UID) @protobuf(1,bytes,opt)
// Allowed indicates whether or not the admission request was permitted.
allowed: bool @go(Allowed) @protobuf(2,varint,opt)
// Result contains extra details into why an admission request was denied.
// This field IS NOT consulted in any way if "Allowed" is "true".
// +optional
status?: null | metav1.#Status @go(Result,*metav1.Status) @protobuf(3,bytes,opt)
// The patch body. Currently we only support "JSONPatch" which implements RFC 6902.
// +optional
patch?: bytes @go(Patch,[]byte) @protobuf(4,bytes,opt)
// The type of Patch. Currently we only allow "JSONPatch".
// +optional
patchType?: null | #PatchType @go(PatchType,*PatchType) @protobuf(5,bytes,opt)
// AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted).
// MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with
// admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by
// the admission webhook to add additional context to the audit log for this request.
// +optional
auditAnnotations?: {[string]: string} @go(AuditAnnotations,map[string]string) @protobuf(6,bytes,opt)
// warnings is a list of warning messages to return to the requesting API client.
// Warning messages describe a problem the client making the API request should correct or be aware of.
// Limit warnings to 120 characters if possible.
// Warnings over 256 characters and large numbers of warnings may be truncated.
// +optional
warnings?: [...string] @go(Warnings,[]string) @protobuf(7,bytes,rep)
}
// PatchType is the type of patch being used to represent the mutated object
#PatchType: string // #enumPatchType
#enumPatchType:
#PatchTypeJSONPatch
#PatchTypeJSONPatch: #PatchType & "JSONPatch"
// Operation is the type of resource operation being checked for admission control
#Operation: string // #enumOperation
#enumOperation:
#Create |
#Update |
#Delete |
#Connect
#Create: #Operation & "CREATE"
#Update: #Operation & "UPDATE"
#Delete: #Operation & "DELETE"
#Connect: #Operation & "CONNECT"

9
timoni/podinfo/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue Normal file
View File

@@ -0,0 +1,9 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admissionregistration/v1
// Package v1 is the v1 version of the API.
// AdmissionConfiguration and AdmissionPluginConfiguration are legacy static admission plugin configuration
// MutatingWebhookConfiguration and ValidatingWebhookConfiguration are for the
// new dynamic admission controller configuration.
package v1

7
timoni/podinfo/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admissionregistration/v1
package v1
#GroupName: "admissionregistration.k8s.io"

645
timoni/podinfo/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,645 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/admissionregistration/v1
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended
// to make sure that all the tuple expansions are valid.
#Rule: {
// APIGroups is the API groups the resources belong to. '*' is all groups.
// If '*' is present, the length of the slice must be one.
// Required.
// +listType=atomic
apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(1,bytes,rep)
// APIVersions is the API versions the resources belong to. '*' is all versions.
// If '*' is present, the length of the slice must be one.
// Required.
// +listType=atomic
apiVersions?: [...string] @go(APIVersions,[]string) @protobuf(2,bytes,rep)
// Resources is a list of resources this rule applies to.
//
// For example:
// 'pods' means pods.
// 'pods/log' means the log subresource of pods.
// '*' means all resources, but not subresources.
// 'pods/*' means all subresources of pods.
// '*/scale' means all scale subresources.
// '*/*' means all resources and their subresources.
//
// If wildcard is present, the validation rule will ensure resources do not
// overlap with each other.
//
// Depending on the enclosing object, subresources might not be allowed.
// Required.
// +listType=atomic
resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep)
// scope specifies the scope of this rule.
// Valid values are "Cluster", "Namespaced", and "*"
// "Cluster" means that only cluster-scoped resources will match this rule.
// Namespace API objects are cluster-scoped.
// "Namespaced" means that only namespaced resources will match this rule.
// "*" means that there are no scope restrictions.
// Subresources match the scope of their parent resource.
// Default is "*".
//
// +optional
scope?: null | #ScopeType @go(Scope,*ScopeType) @protobuf(4,bytes,rep)
}
// ScopeType specifies a scope for a Rule.
// +enum
#ScopeType: string // #enumScopeType
#enumScopeType:
#ClusterScope |
#NamespacedScope |
#AllScopes
// ClusterScope means that scope is limited to cluster-scoped objects.
// Namespace objects are cluster-scoped.
#ClusterScope: #ScopeType & "Cluster"
// NamespacedScope means that scope is limited to namespaced objects.
#NamespacedScope: #ScopeType & "Namespaced"
// AllScopes means that all scopes are included.
#AllScopes: #ScopeType & "*"
// FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled.
// +enum
#FailurePolicyType: string // #enumFailurePolicyType
#enumFailurePolicyType:
#Ignore |
#Fail
// Ignore means that an error calling the webhook is ignored.
#Ignore: #FailurePolicyType & "Ignore"
// Fail means that an error calling the webhook causes the admission to fail.
#Fail: #FailurePolicyType & "Fail"
// MatchPolicyType specifies the type of match policy.
// +enum
#MatchPolicyType: string // #enumMatchPolicyType
#enumMatchPolicyType:
#Exact |
#Equivalent
// Exact means requests should only be sent to the webhook if they exactly match a given rule.
#Exact: #MatchPolicyType & "Exact"
// Equivalent means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.
#Equivalent: #MatchPolicyType & "Equivalent"
// SideEffectClass specifies the types of side effects a webhook may have.
// +enum
#SideEffectClass: string // #enumSideEffectClass
#enumSideEffectClass:
#SideEffectClassUnknown |
#SideEffectClassNone |
#SideEffectClassSome |
#SideEffectClassNoneOnDryRun
// SideEffectClassUnknown means that no information is known about the side effects of calling the webhook.
// If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
#SideEffectClassUnknown: #SideEffectClass & "Unknown"
// SideEffectClassNone means that calling the webhook will have no side effects.
#SideEffectClassNone: #SideEffectClass & "None"
// SideEffectClassSome means that calling the webhook will possibly have side effects.
// If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
#SideEffectClassSome: #SideEffectClass & "Some"
// SideEffectClassNoneOnDryRun means that calling the webhook will possibly have side effects, but if the
// request being reviewed has the dry-run attribute, the side effects will be suppressed.
#SideEffectClassNoneOnDryRun: #SideEffectClass & "NoneOnDryRun"
// ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.
#ValidatingWebhookConfiguration: {
metav1.#TypeMeta
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Webhooks is a list of webhooks and the affected resources and operations.
// +optional
// +patchMergeKey=name
// +patchStrategy=merge
webhooks?: [...#ValidatingWebhook] @go(Webhooks,[]ValidatingWebhook) @protobuf(2,bytes,rep,name=Webhooks)
}
// ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.
#ValidatingWebhookConfigurationList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// List of ValidatingWebhookConfiguration.
items: [...#ValidatingWebhookConfiguration] @go(Items,[]ValidatingWebhookConfiguration) @protobuf(2,bytes,rep)
}
// MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.
#MutatingWebhookConfiguration: {
metav1.#TypeMeta
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Webhooks is a list of webhooks and the affected resources and operations.
// +optional
// +patchMergeKey=name
// +patchStrategy=merge
webhooks?: [...#MutatingWebhook] @go(Webhooks,[]MutatingWebhook) @protobuf(2,bytes,rep,name=Webhooks)
}
// MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.
#MutatingWebhookConfigurationList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// List of MutatingWebhookConfiguration.
items: [...#MutatingWebhookConfiguration] @go(Items,[]MutatingWebhookConfiguration) @protobuf(2,bytes,rep)
}
// ValidatingWebhook describes an admission webhook and the resources and operations it applies to.
#ValidatingWebhook: {
// The name of the admission webhook.
// Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where
// "imagepolicy" is the name of the webhook, and kubernetes.io is the name
// of the organization.
// Required.
name: string @go(Name) @protobuf(1,bytes,opt)
// ClientConfig defines how to communicate with the hook.
// Required
clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt)
// Rules describes what operations on what resources/subresources the webhook cares about.
// The webhook cares about an operation if it matches _any_ Rule.
// However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks
// from putting the cluster in a state which cannot be recovered from without completely
// disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called
// on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
rules?: [...#RuleWithOperations] @go(Rules,[]RuleWithOperations) @protobuf(3,bytes,rep)
// FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
// allowed values are Ignore or Fail. Defaults to Fail.
// +optional
failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType)
// matchPolicy defines how the "rules" list is used to match incoming requests.
// Allowed values are "Exact" or "Equivalent".
//
// - Exact: match a request only if it exactly matches a specified rule.
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
// but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
// a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
//
// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
// and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
// a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
//
// Defaults to "Equivalent"
// +optional
matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType)
// NamespaceSelector decides whether to run the webhook on an object based
// on whether the namespace for that object matches the selector. If the
// object itself is a namespace, the matching is performed on
// object.metadata.labels. If the object is another cluster scoped resource,
// it never skips the webhook.
//
// For example, to run the webhook on any objects whose namespace is not
// associated with "runlevel" of "0" or "1"; you will set the selector as
// follows:
// "namespaceSelector": {
// "matchExpressions": [
// {
// "key": "runlevel",
// "operator": "NotIn",
// "values": [
// "0",
// "1"
// ]
// }
// ]
// }
//
// If instead you want to only run the webhook on any objects whose
// namespace is associated with the "environment" of "prod" or "staging";
// you will set the selector as follows:
// "namespaceSelector": {
// "matchExpressions": [
// {
// "key": "environment",
// "operator": "In",
// "values": [
// "prod",
// "staging"
// ]
// }
// ]
// }
//
// See
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
// for more examples of label selectors.
//
// Default to the empty LabelSelector, which matches everything.
// +optional
namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt)
// ObjectSelector decides whether to run the webhook based on if the
// object has matching labels. objectSelector is evaluated against both
// the oldObject and newObject that would be sent to the webhook, and
// is considered to match if either object matches the selector. A null
// object (oldObject in the case of create, or newObject in the case of
// delete) or an object that cannot have labels (like a
// DeploymentRollback or a PodProxyOptions object) is not considered to
// match.
// Use the object selector only if the webhook is opt-in, because end
// users may skip the admission webhook by setting the labels.
// Default to the empty LabelSelector, which matches everything.
// +optional
objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(10,bytes,opt)
// SideEffects states whether this webhook has side effects.
// Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown).
// Webhooks with side effects MUST implement a reconciliation system, since a request may be
// rejected by a future step in the admission chain and the side effects therefore need to be undone.
// Requests with the dryRun attribute will be auto-rejected if they match a webhook with
// sideEffects == Unknown or Some.
sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass)
// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes,
// the webhook call will be ignored or the API call will fail based on the
// failure policy.
// The timeout value must be between 1 and 30 seconds.
// Default to 10 seconds.
// +optional
timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt)
// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview`
// versions the Webhook expects. API server will try to use first version in
// the list which it supports. If none of the versions specified in this list
// supported by API server, validation will fail for this object.
// If a persisted webhook configuration specifies allowed versions and does not
// include any versions known to the API Server, calls to the webhook will fail
// and be subject to the failure policy.
admissionReviewVersions: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep)
// MatchConditions is a list of conditions that must be met for a request to be sent to this
// webhook. Match conditions filter requests that have already been matched by the rules,
// namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests.
// There are a maximum of 64 match conditions allowed.
//
// The exact matching logic is (in order):
// 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
// 2. If ALL matchConditions evaluate to TRUE, the webhook is called.
// 3. If any matchCondition evaluates to an error (but none are FALSE):
// - If failurePolicy=Fail, reject the request
// - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
//
// This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
//
// +patchMergeKey=name
// +patchStrategy=merge
// +listType=map
// +listMapKey=name
// +featureGate=AdmissionWebhookMatchConditions
// +optional
matchConditions?: [...#MatchCondition] @go(MatchConditions,[]MatchCondition) @protobuf(11,bytes,opt)
}
// MutatingWebhook describes an admission webhook and the resources and operations it applies to.
#MutatingWebhook: {
// The name of the admission webhook.
// Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where
// "imagepolicy" is the name of the webhook, and kubernetes.io is the name
// of the organization.
// Required.
name: string @go(Name) @protobuf(1,bytes,opt)
// ClientConfig defines how to communicate with the hook.
// Required
clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt)
// Rules describes what operations on what resources/subresources the webhook cares about.
// The webhook cares about an operation if it matches _any_ Rule.
// However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks
// from putting the cluster in a state which cannot be recovered from without completely
// disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called
// on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
rules?: [...#RuleWithOperations] @go(Rules,[]RuleWithOperations) @protobuf(3,bytes,rep)
// FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
// allowed values are Ignore or Fail. Defaults to Fail.
// +optional
failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType)
// matchPolicy defines how the "rules" list is used to match incoming requests.
// Allowed values are "Exact" or "Equivalent".
//
// - Exact: match a request only if it exactly matches a specified rule.
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
// but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
// a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
//
// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
// and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
// a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
//
// Defaults to "Equivalent"
// +optional
matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType)
// NamespaceSelector decides whether to run the webhook on an object based
// on whether the namespace for that object matches the selector. If the
// object itself is a namespace, the matching is performed on
// object.metadata.labels. If the object is another cluster scoped resource,
// it never skips the webhook.
//
// For example, to run the webhook on any objects whose namespace is not
// associated with "runlevel" of "0" or "1"; you will set the selector as
// follows:
// "namespaceSelector": {
// "matchExpressions": [
// {
// "key": "runlevel",
// "operator": "NotIn",
// "values": [
// "0",
// "1"
// ]
// }
// ]
// }
//
// If instead you want to only run the webhook on any objects whose
// namespace is associated with the "environment" of "prod" or "staging";
// you will set the selector as follows:
// "namespaceSelector": {
// "matchExpressions": [
// {
// "key": "environment",
// "operator": "In",
// "values": [
// "prod",
// "staging"
// ]
// }
// ]
// }
//
// See
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
// for more examples of label selectors.
//
// Default to the empty LabelSelector, which matches everything.
// +optional
namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt)
// ObjectSelector decides whether to run the webhook based on if the
// object has matching labels. objectSelector is evaluated against both
// the oldObject and newObject that would be sent to the webhook, and
// is considered to match if either object matches the selector. A null
// object (oldObject in the case of create, or newObject in the case of
// delete) or an object that cannot have labels (like a
// DeploymentRollback or a PodProxyOptions object) is not considered to
// match.
// Use the object selector only if the webhook is opt-in, because end
// users may skip the admission webhook by setting the labels.
// Default to the empty LabelSelector, which matches everything.
// +optional
objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(11,bytes,opt)
// SideEffects states whether this webhook has side effects.
// Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown).
// Webhooks with side effects MUST implement a reconciliation system, since a request may be
// rejected by a future step in the admission chain and the side effects therefore need to be undone.
// Requests with the dryRun attribute will be auto-rejected if they match a webhook with
// sideEffects == Unknown or Some.
sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass)
// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes,
// the webhook call will be ignored or the API call will fail based on the
// failure policy.
// The timeout value must be between 1 and 30 seconds.
// Default to 10 seconds.
// +optional
timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt)
// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview`
// versions the Webhook expects. API server will try to use first version in
// the list which it supports. If none of the versions specified in this list
// supported by API server, validation will fail for this object.
// If a persisted webhook configuration specifies allowed versions and does not
// include any versions known to the API Server, calls to the webhook will fail
// and be subject to the failure policy.
admissionReviewVersions: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep)
// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation.
// Allowed values are "Never" and "IfNeeded".
//
// Never: the webhook will not be called more than once in a single admission evaluation.
//
// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation
// if the object being admitted is modified by other admission plugins after the initial webhook call.
// Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted.
// Note:
// * the number of additional invocations is not guaranteed to be exactly one.
// * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again.
// * webhooks that use this option may be reordered to minimize the number of additional invocations.
// * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
//
// Defaults to "Never".
// +optional
reinvocationPolicy?: null | #ReinvocationPolicyType @go(ReinvocationPolicy,*ReinvocationPolicyType) @protobuf(10,bytes,opt,casttype=ReinvocationPolicyType)
// MatchConditions is a list of conditions that must be met for a request to be sent to this
// webhook. Match conditions filter requests that have already been matched by the rules,
// namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests.
// There are a maximum of 64 match conditions allowed.
//
// The exact matching logic is (in order):
// 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
// 2. If ALL matchConditions evaluate to TRUE, the webhook is called.
// 3. If any matchCondition evaluates to an error (but none are FALSE):
// - If failurePolicy=Fail, reject the request
// - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
//
// This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
//
// +patchMergeKey=name
// +patchStrategy=merge
// +listType=map
// +listMapKey=name
// +featureGate=AdmissionWebhookMatchConditions
// +optional
matchConditions?: [...#MatchCondition] @go(MatchConditions,[]MatchCondition) @protobuf(12,bytes,opt)
}
// ReinvocationPolicyType specifies what type of policy the admission hook uses.
// +enum
#ReinvocationPolicyType: string // #enumReinvocationPolicyType
#enumReinvocationPolicyType:
#NeverReinvocationPolicy |
#IfNeededReinvocationPolicy
// NeverReinvocationPolicy indicates that the webhook must not be called more than once in a
// single admission evaluation.
#NeverReinvocationPolicy: #ReinvocationPolicyType & "Never"
// IfNeededReinvocationPolicy indicates that the webhook may be called at least one
// additional time as part of the admission evaluation if the object being admitted is
// modified by other admission plugins after the initial webhook call.
#IfNeededReinvocationPolicy: #ReinvocationPolicyType & "IfNeeded"
// RuleWithOperations is a tuple of Operations and Resources. It is recommended to make
// sure that all the tuple expansions are valid.
#RuleWithOperations: {
// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or *
// for all of those operations and any future admission operations that are added.
// If '*' is present, the length of the slice must be one.
// Required.
// +listType=atomic
operations?: [...#OperationType] @go(Operations,[]OperationType) @protobuf(1,bytes,rep,casttype=OperationType)
#Rule
}
// OperationType specifies an operation for a request.
// +enum
#OperationType: string // #enumOperationType
#enumOperationType:
#OperationAll |
#Create |
#Update |
#Delete |
#Connect
#OperationAll: #OperationType & "*"
#Create: #OperationType & "CREATE"
#Update: #OperationType & "UPDATE"
#Delete: #OperationType & "DELETE"
#Connect: #OperationType & "CONNECT"
// WebhookClientConfig contains the information to make a TLS
// connection with the webhook
#WebhookClientConfig: {
// `url` gives the location of the webhook, in standard URL form
// (`scheme://host:port/path`). Exactly one of `url` or `service`
// must be specified.
//
// The `host` should not refer to a service running in the cluster; use
// the `service` field instead. The host might be resolved via external
// DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
// in-cluster DNS as that would be a layering violation). `host` may
// also be an IP address.
//
// Please note that using `localhost` or `127.0.0.1` as a `host` is
// risky unless you take great care to run this webhook on all hosts
// which run an apiserver which might need to make calls to this
// webhook. Such installs are likely to be non-portable, i.e., not easy
// to turn up in a new cluster.
//
// The scheme must be "https"; the URL must begin with "https://".
//
// A path is optional, and if present may be any string permissible in
// a URL. You may use the path to pass an arbitrary string to the
// webhook, for example, a cluster identifier.
//
// Attempting to use a user or basic auth e.g. "user:password@" is not
// allowed. Fragments ("#...") and query parameters ("?...") are not
// allowed, either.
//
// +optional
url?: null | string @go(URL,*string) @protobuf(3,bytes,opt)
// `service` is a reference to the service for this webhook. Either
// `service` or `url` must be specified.
//
// If the webhook is running within the cluster, then you should use `service`.
//
// +optional
service?: null | #ServiceReference @go(Service,*ServiceReference) @protobuf(1,bytes,opt)
// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
// If unspecified, system trust roots on the apiserver are used.
// +optional
caBundle?: bytes @go(CABundle,[]byte) @protobuf(2,bytes,opt)
}
// ServiceReference holds a reference to Service.legacy.k8s.io
#ServiceReference: {
// `namespace` is the namespace of the service.
// Required
namespace: string @go(Namespace) @protobuf(1,bytes,opt)
// `name` is the name of the service.
// Required
name: string @go(Name) @protobuf(2,bytes,opt)
// `path` is an optional URL path which will be sent in any request to
// this service.
// +optional
path?: null | string @go(Path,*string) @protobuf(3,bytes,opt)
// If specified, the port on the service that hosting webhook.
// Default to 443 for backward compatibility.
// `port` should be a valid port number (1-65535, inclusive).
// +optional
port?: null | int32 @go(Port,*int32) @protobuf(4,varint,opt)
}
// MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.
#MatchCondition: {
// Name is an identifier for this match condition, used for strategic merging of MatchConditions,
// as well as providing an identifier for logging purposes. A good name should be descriptive of
// the associated expression.
// Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and
// must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or
// '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an
// optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
//
// Required.
name: string @go(Name) @protobuf(1,bytes,opt)
// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.
// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
//
// 'object' - The object from the incoming request. The value is null for DELETE requests.
// 'oldObject' - The existing object. The value is null for CREATE requests.
// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).
// 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
// See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
// request resource.
// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
//
// Required.
expression: string @go(Expression) @protobuf(2,bytes,opt)
}

7
timoni/podinfo/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/apps/v1
package v1
#GroupName: "apps"

946
timoni/podinfo/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,946 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/apps/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime"
)
#ControllerRevisionHashLabelKey: "controller-revision-hash"
#StatefulSetRevisionLabel: "controller-revision-hash"
#DeprecatedRollbackTo: "deprecated.deployment.rollback.to"
#DeprecatedTemplateGeneration: "deprecated.daemonset.template.generation"
#StatefulSetPodNameLabel: "statefulset.kubernetes.io/pod-name"
#PodIndexLabel: "apps.kubernetes.io/pod-index"
// StatefulSet represents a set of pods with consistent identities.
// Identities are defined as:
// - Network: A single stable DNS and hostname.
// - Storage: As many VolumeClaims as requested.
//
// The StatefulSet guarantees that a given network identity will always
// map to the same storage identity.
#StatefulSet: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec defines the desired identities of pods in this set.
// +optional
spec?: #StatefulSetSpec @go(Spec) @protobuf(2,bytes,opt)
// Status is the current status of Pods in this StatefulSet. This data
// may be out of date by some window of time.
// +optional
status?: #StatefulSetStatus @go(Status) @protobuf(3,bytes,opt)
}
// PodManagementPolicyType defines the policy for creating pods under a stateful set.
// +enum
#PodManagementPolicyType: string // #enumPodManagementPolicyType
#enumPodManagementPolicyType:
#OrderedReadyPodManagement |
#ParallelPodManagement
// OrderedReadyPodManagement will create pods in strictly increasing order on
// scale up and strictly decreasing order on scale down, progressing only when
// the previous pod is ready or terminated. At most one pod will be changed
// at any time.
#OrderedReadyPodManagement: #PodManagementPolicyType & "OrderedReady"
// ParallelPodManagement will create and delete pods as soon as the stateful set
// replica count is changed, and will not wait for pods to be ready or complete
// termination.
#ParallelPodManagement: #PodManagementPolicyType & "Parallel"
// StatefulSetUpdateStrategy indicates the strategy that the StatefulSet
// controller will use to perform updates. It includes any additional parameters
// necessary to perform the update for the indicated strategy.
#StatefulSetUpdateStrategy: {
// Type indicates the type of the StatefulSetUpdateStrategy.
// Default is RollingUpdate.
// +optional
type?: #StatefulSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetStrategyType)
// RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.
// +optional
rollingUpdate?: null | #RollingUpdateStatefulSetStrategy @go(RollingUpdate,*RollingUpdateStatefulSetStrategy) @protobuf(2,bytes,opt)
}
// StatefulSetUpdateStrategyType is a string enumeration type that enumerates
// all possible update strategies for the StatefulSet controller.
// +enum
#StatefulSetUpdateStrategyType: string // #enumStatefulSetUpdateStrategyType
#enumStatefulSetUpdateStrategyType:
#RollingUpdateStatefulSetStrategyType |
#OnDeleteStatefulSetStrategyType
// RollingUpdateStatefulSetStrategyType indicates that update will be
// applied to all Pods in the StatefulSet with respect to the StatefulSet
// ordering constraints. When a scale operation is performed with this
// strategy, new Pods will be created from the specification version indicated
// by the StatefulSet's updateRevision.
#RollingUpdateStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "RollingUpdate"
// OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version
// tracking and ordered rolling restarts are disabled. Pods are recreated
// from the StatefulSetSpec when they are manually deleted. When a scale
// operation is performed with this strategy,specification version indicated
// by the StatefulSet's currentRevision.
#OnDeleteStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "OnDelete"
// RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType.
#RollingUpdateStatefulSetStrategy: {
// Partition indicates the ordinal at which the StatefulSet should be partitioned
// for updates. During a rolling update, all pods from ordinal Replicas-1 to
// Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched.
// This is helpful in being able to do a canary based deployment. The default value is 0.
// +optional
partition?: null | int32 @go(Partition,*int32) @protobuf(1,varint,opt)
// The maximum number of pods that can be unavailable during the update.
// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
// Absolute number is calculated from percentage by rounding up. This can not be 0.
// Defaults to 1. This field is alpha-level and is only honored by servers that enable the
// MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to
// Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it
// will be counted towards MaxUnavailable.
// +optional
maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(2,varint,opt)
}
// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine
// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is
// deleted or scaled down.
#PersistentVolumeClaimRetentionPolicyType: string // #enumPersistentVolumeClaimRetentionPolicyType
#enumPersistentVolumeClaimRetentionPolicyType:
#RetainPersistentVolumeClaimRetentionPolicyType |
#DeletePersistentVolumeClaimRetentionPolicyType
// RetainPersistentVolumeClaimRetentionPolicyType is the default
// PersistentVolumeClaimRetentionPolicy and specifies that
// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
// will not be deleted.
#RetainPersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Retain"
// RetentionPersistentVolumeClaimRetentionPolicyType specifies that
// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
// will be deleted in the scenario specified in
// StatefulSetPersistentVolumeClaimRetentionPolicy.
#DeletePersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Delete"
// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs
// created from the StatefulSet VolumeClaimTemplates.
#StatefulSetPersistentVolumeClaimRetentionPolicy: {
// WhenDeleted specifies what happens to PVCs created from StatefulSet
// VolumeClaimTemplates when the StatefulSet is deleted. The default policy
// of `Retain` causes PVCs to not be affected by StatefulSet deletion. The
// `Delete` policy causes those PVCs to be deleted.
whenDeleted?: #PersistentVolumeClaimRetentionPolicyType @go(WhenDeleted) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType)
// WhenScaled specifies what happens to PVCs created from StatefulSet
// VolumeClaimTemplates when the StatefulSet is scaled down. The default
// policy of `Retain` causes PVCs to not be affected by a scaledown. The
// `Delete` policy causes the associated PVCs for any excess pods above
// the replica count to be deleted.
whenScaled?: #PersistentVolumeClaimRetentionPolicyType @go(WhenScaled) @protobuf(2,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType)
}
// StatefulSetOrdinals describes the policy used for replica ordinal assignment
// in this StatefulSet.
#StatefulSetOrdinals: {
// start is the number representing the first replica's index. It may be used
// to number replicas from an alternate index (eg: 1-indexed) over the default
// 0-indexed names, or to orchestrate progressive movement of replicas from
// one StatefulSet to another.
// If set, replica indices will be in the range:
// [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas).
// If unset, defaults to 0. Replica indices will be in the range:
// [0, .spec.replicas).
// +optional
start: int32 @go(Start) @protobuf(1,varint,opt)
}
// A StatefulSetSpec is the specification of a StatefulSet.
#StatefulSetSpec: {
// replicas is the desired number of replicas of the given Template.
// These are replicas in the sense that they are instantiations of the
// same Template, but individual replicas also have a consistent identity.
// If unspecified, defaults to 1.
// TODO: Consider a rename of this field.
// +optional
replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
// selector is a label query over pods that should match the replica count.
// It must match the pod template's labels.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// template is the object that describes the pod that will be created if
// insufficient replicas are detected. Each pod stamped out by the StatefulSet
// will fulfill this Template, but have a unique identity from the rest
// of the StatefulSet. Each pod will be named with the format
// <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named
// "web" with index number "3" would be named "web-3".
// The only allowed template.spec.restartPolicy value is "Always".
template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
// volumeClaimTemplates is a list of claims that pods are allowed to reference.
// The StatefulSet controller is responsible for mapping network identities to
// claims in a way that maintains the identity of a pod. Every claim in
// this list must have at least one matching (by name) volumeMount in one
// container in the template. A claim in this list takes precedence over
// any volumes in the template, with the same name.
// TODO: Define the behavior if a claim already exists with the same name.
// +optional
volumeClaimTemplates?: [...v1.#PersistentVolumeClaim] @go(VolumeClaimTemplates,[]v1.PersistentVolumeClaim) @protobuf(4,bytes,rep)
// serviceName is the name of the service that governs this StatefulSet.
// This service must exist before the StatefulSet, and is responsible for
// the network identity of the set. Pods get DNS/hostnames that follow the
// pattern: pod-specific-string.serviceName.default.svc.cluster.local
// where "pod-specific-string" is managed by the StatefulSet controller.
serviceName: string @go(ServiceName) @protobuf(5,bytes,opt)
// podManagementPolicy controls how pods are created during initial scale up,
// when replacing pods on nodes, or when scaling down. The default policy is
// `OrderedReady`, where pods are created in increasing order (pod-0, then
// pod-1, etc) and the controller will wait until each pod is ready before
// continuing. When scaling down, the pods are removed in the opposite order.
// The alternative policy is `Parallel` which will create pods in parallel
// to match the desired scale without waiting, and on scale down will delete
// all pods at once.
// +optional
podManagementPolicy?: #PodManagementPolicyType @go(PodManagementPolicy) @protobuf(6,bytes,opt,casttype=PodManagementPolicyType)
// updateStrategy indicates the StatefulSetUpdateStrategy that will be
// employed to update Pods in the StatefulSet when a revision is made to
// Template.
updateStrategy?: #StatefulSetUpdateStrategy @go(UpdateStrategy) @protobuf(7,bytes,opt)
// revisionHistoryLimit is the maximum number of revisions that will
// be maintained in the StatefulSet's revision history. The revision history
// consists of all revisions not represented by a currently applied
// StatefulSetSpec version. The default value is 10.
revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(8,varint,opt)
// Minimum number of seconds for which a newly created pod should be ready
// without any of its container crashing for it to be considered available.
// Defaults to 0 (pod will be considered available as soon as it is ready)
// +optional
minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(9,varint,opt)
// persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent
// volume claims created from volumeClaimTemplates. By default, all persistent
// volume claims are created as needed and retained until manually deleted. This
// policy allows the lifecycle to be altered, for example by deleting persistent
// volume claims when their stateful set is deleted, or when their pod is scaled
// down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled,
// which is alpha. +optional
persistentVolumeClaimRetentionPolicy?: null | #StatefulSetPersistentVolumeClaimRetentionPolicy @go(PersistentVolumeClaimRetentionPolicy,*StatefulSetPersistentVolumeClaimRetentionPolicy) @protobuf(10,bytes,opt)
// ordinals controls the numbering of replica indices in a StatefulSet. The
// default ordinals behavior assigns a "0" index to the first replica and
// increments the index by one for each additional replica requested. Using
// the ordinals field requires the StatefulSetStartOrdinal feature gate to be
// enabled, which is beta.
// +optional
ordinals?: null | #StatefulSetOrdinals @go(Ordinals,*StatefulSetOrdinals) @protobuf(11,bytes,opt)
}
// StatefulSetStatus represents the current state of a StatefulSet.
#StatefulSetStatus: {
// observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the
// StatefulSet's generation, which is updated on mutation by the API Server.
// +optional
observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt)
// replicas is the number of Pods created by the StatefulSet controller.
replicas: int32 @go(Replicas) @protobuf(2,varint,opt)
// readyReplicas is the number of pods created for this StatefulSet with a Ready Condition.
readyReplicas?: int32 @go(ReadyReplicas) @protobuf(3,varint,opt)
// currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
// indicated by currentRevision.
currentReplicas?: int32 @go(CurrentReplicas) @protobuf(4,varint,opt)
// updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
// indicated by updateRevision.
updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(5,varint,opt)
// currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the
// sequence [0,currentReplicas).
currentRevision?: string @go(CurrentRevision) @protobuf(6,bytes,opt)
// updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence
// [replicas-updatedReplicas,replicas)
updateRevision?: string @go(UpdateRevision) @protobuf(7,bytes,opt)
// collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller
// uses this field as a collision avoidance mechanism when it needs to create the name for the
// newest ControllerRevision.
// +optional
collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt)
// Represents the latest available observations of a statefulset's current state.
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
conditions?: [...#StatefulSetCondition] @go(Conditions,[]StatefulSetCondition) @protobuf(10,bytes,rep)
// Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset.
// +optional
availableReplicas: int32 @go(AvailableReplicas) @protobuf(11,varint,opt)
}
#StatefulSetConditionType: string
// StatefulSetCondition describes the state of a statefulset at a certain point.
#StatefulSetCondition: {
// Type of statefulset condition.
type: #StatefulSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetConditionType)
// Status of the condition, one of True, False, Unknown.
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
// Last time the condition transitioned from one status to another.
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
// The reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// A human readable message indicating details about the transition.
// +optional
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// StatefulSetList is a collection of StatefulSets.
#StatefulSetList: {
metav1.#TypeMeta
// Standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is the list of stateful sets.
items: [...#StatefulSet] @go(Items,[]StatefulSet) @protobuf(2,bytes,rep)
}
// Deployment enables declarative updates for Pods and ReplicaSets.
#Deployment: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Specification of the desired behavior of the Deployment.
// +optional
spec?: #DeploymentSpec @go(Spec) @protobuf(2,bytes,opt)
// Most recently observed status of the Deployment.
// +optional
status?: #DeploymentStatus @go(Status) @protobuf(3,bytes,opt)
}
// DeploymentSpec is the specification of the desired behavior of the Deployment.
#DeploymentSpec: {
// Number of desired pods. This is a pointer to distinguish between explicit
// zero and not specified. Defaults to 1.
// +optional
replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
// Label selector for pods. Existing ReplicaSets whose pods are
// selected by this will be the ones affected by this deployment.
// It must match the pod template's labels.
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// Template describes the pods that will be created.
// The only allowed template.spec.restartPolicy value is "Always".
template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
// The deployment strategy to use to replace existing pods with new ones.
// +optional
// +patchStrategy=retainKeys
strategy?: #DeploymentStrategy @go(Strategy) @protobuf(4,bytes,opt)
// Minimum number of seconds for which a newly created pod should be ready
// without any of its container crashing, for it to be considered available.
// Defaults to 0 (pod will be considered available as soon as it is ready)
// +optional
minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(5,varint,opt)
// The number of old ReplicaSets to retain to allow rollback.
// This is a pointer to distinguish between explicit zero and not specified.
// Defaults to 10.
// +optional
revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt)
// Indicates that the deployment is paused.
// +optional
paused?: bool @go(Paused) @protobuf(7,varint,opt)
// The maximum time in seconds for a deployment to make progress before it
// is considered to be failed. The deployment controller will continue to
// process failed deployments and a condition with a ProgressDeadlineExceeded
// reason will be surfaced in the deployment status. Note that progress will
// not be estimated during the time a deployment is paused. Defaults to 600s.
progressDeadlineSeconds?: null | int32 @go(ProgressDeadlineSeconds,*int32) @protobuf(9,varint,opt)
}
// DefaultDeploymentUniqueLabelKey is the default key of the selector that is added
// to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets
// to select new pods (and old pods being select by new ReplicaSet).
#DefaultDeploymentUniqueLabelKey: "pod-template-hash"
// DeploymentStrategy describes how to replace existing pods with new ones.
#DeploymentStrategy: {
// Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.
// +optional
type?: #DeploymentStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentStrategyType)
// Rolling update config params. Present only if DeploymentStrategyType =
// RollingUpdate.
//---
// TODO: Update this to follow our convention for oneOf, whatever we decide it
// to be.
// +optional
rollingUpdate?: null | #RollingUpdateDeployment @go(RollingUpdate,*RollingUpdateDeployment) @protobuf(2,bytes,opt)
}
// +enum
#DeploymentStrategyType: string // #enumDeploymentStrategyType
#enumDeploymentStrategyType:
#RecreateDeploymentStrategyType |
#RollingUpdateDeploymentStrategyType
// Kill all existing pods before creating new ones.
#RecreateDeploymentStrategyType: #DeploymentStrategyType & "Recreate"
// Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one.
#RollingUpdateDeploymentStrategyType: #DeploymentStrategyType & "RollingUpdate"
// Spec to control the desired behavior of rolling update.
#RollingUpdateDeployment: {
// The maximum number of pods that can be unavailable during the update.
// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
// Absolute number is calculated from percentage by rounding down.
// This can not be 0 if MaxSurge is 0.
// Defaults to 25%.
// Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
// immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
// can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
// that the total number of pods available at all times during the update is at
// least 70% of desired pods.
// +optional
maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt)
// The maximum number of pods that can be scheduled above the desired number of
// pods.
// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
// This can not be 0 if MaxUnavailable is 0.
// Absolute number is calculated from percentage by rounding up.
// Defaults to 25%.
// Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
// the rolling update starts, such that the total number of old and new pods do not exceed
// 130% of desired pods. Once old pods have been killed,
// new ReplicaSet can be scaled up further, ensuring that total number of pods running
// at any time during the update is at most 130% of desired pods.
// +optional
maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt)
}
// DeploymentStatus is the most recently observed status of the Deployment.
#DeploymentStatus: {
// The generation observed by the deployment controller.
// +optional
observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt)
// Total number of non-terminated pods targeted by this deployment (their labels match the selector).
// +optional
replicas?: int32 @go(Replicas) @protobuf(2,varint,opt)
// Total number of non-terminated pods targeted by this deployment that have the desired template spec.
// +optional
updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(3,varint,opt)
// readyReplicas is the number of pods targeted by this Deployment with a Ready Condition.
// +optional
readyReplicas?: int32 @go(ReadyReplicas) @protobuf(7,varint,opt)
// Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.
// +optional
availableReplicas?: int32 @go(AvailableReplicas) @protobuf(4,varint,opt)
// Total number of unavailable pods targeted by this deployment. This is the total number of
// pods that are still required for the deployment to have 100% available capacity. They may
// either be pods that are running but not yet available or pods that still have not been created.
// +optional
unavailableReplicas?: int32 @go(UnavailableReplicas) @protobuf(5,varint,opt)
// Represents the latest available observations of a deployment's current state.
// +patchMergeKey=type
// +patchStrategy=merge
conditions?: [...#DeploymentCondition] @go(Conditions,[]DeploymentCondition) @protobuf(6,bytes,rep)
// Count of hash collisions for the Deployment. The Deployment controller uses this
// field as a collision avoidance mechanism when it needs to create the name for the
// newest ReplicaSet.
// +optional
collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(8,varint,opt)
}
#DeploymentConditionType: string // #enumDeploymentConditionType
#enumDeploymentConditionType:
#DeploymentAvailable |
#DeploymentProgressing |
#DeploymentReplicaFailure
// Available means the deployment is available, ie. at least the minimum available
// replicas required are up and running for at least minReadySeconds.
#DeploymentAvailable: #DeploymentConditionType & "Available"
// Progressing means the deployment is progressing. Progress for a deployment is
// considered when a new replica set is created or adopted, and when new pods scale
// up or old pods scale down. Progress is not estimated for paused deployments or
// when progressDeadlineSeconds is not specified.
#DeploymentProgressing: #DeploymentConditionType & "Progressing"
// ReplicaFailure is added in a deployment when one of its pods fails to be created
// or deleted.
#DeploymentReplicaFailure: #DeploymentConditionType & "ReplicaFailure"
// DeploymentCondition describes the state of a deployment at a certain point.
#DeploymentCondition: {
// Type of deployment condition.
type: #DeploymentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentConditionType)
// Status of the condition, one of True, False, Unknown.
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
// The last time this condition was updated.
lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(6,bytes,opt)
// Last time the condition transitioned from one status to another.
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(7,bytes,opt)
// The reason for the condition's last transition.
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// A human readable message indicating details about the transition.
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// DeploymentList is a list of Deployments.
#DeploymentList: {
metav1.#TypeMeta
// Standard list metadata.
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is the list of Deployments.
items: [...#Deployment] @go(Items,[]Deployment) @protobuf(2,bytes,rep)
}
// DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet.
#DaemonSetUpdateStrategy: {
// Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
// +optional
type?: #DaemonSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt)
// Rolling update config params. Present only if type = "RollingUpdate".
//---
// TODO: Update this to follow our convention for oneOf, whatever we decide it
// to be. Same as Deployment `strategy.rollingUpdate`.
// See https://github.com/kubernetes/kubernetes/issues/35345
// +optional
rollingUpdate?: null | #RollingUpdateDaemonSet @go(RollingUpdate,*RollingUpdateDaemonSet) @protobuf(2,bytes,opt)
}
// +enum
#DaemonSetUpdateStrategyType: string // #enumDaemonSetUpdateStrategyType
#enumDaemonSetUpdateStrategyType:
#RollingUpdateDaemonSetStrategyType |
#OnDeleteDaemonSetStrategyType
// Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other.
#RollingUpdateDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "RollingUpdate"
// Replace the old daemons only when it's killed
#OnDeleteDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "OnDelete"
// Spec to control the desired behavior of daemon set rolling update.
#RollingUpdateDaemonSet: {
// The maximum number of DaemonSet pods that can be unavailable during the
// update. Value can be an absolute number (ex: 5) or a percentage of total
// number of DaemonSet pods at the start of the update (ex: 10%). Absolute
// number is calculated from percentage by rounding up.
// This cannot be 0 if MaxSurge is 0
// Default value is 1.
// Example: when this is set to 30%, at most 30% of the total number of nodes
// that should be running the daemon pod (i.e. status.desiredNumberScheduled)
// can have their pods stopped for an update at any given time. The update
// starts by stopping at most 30% of those DaemonSet pods and then brings
// up new DaemonSet pods in their place. Once the new pods are available,
// it then proceeds onto other DaemonSet pods, thus ensuring that at least
// 70% of original number of DaemonSet pods are available at all times during
// the update.
// +optional
maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt)
// The maximum number of nodes with an existing available DaemonSet pod that
// can have an updated DaemonSet pod during during an update.
// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
// This can not be 0 if MaxUnavailable is 0.
// Absolute number is calculated from percentage by rounding up to a minimum of 1.
// Default value is 0.
// Example: when this is set to 30%, at most 30% of the total number of nodes
// that should be running the daemon pod (i.e. status.desiredNumberScheduled)
// can have their a new pod created before the old pod is marked as deleted.
// The update starts by launching new pods on 30% of nodes. Once an updated
// pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
// on that node is marked deleted. If the old pod becomes unavailable for any
// reason (Ready transitions to false, is evicted, or is drained) an updated
// pod is immediatedly created on that node without considering surge limits.
// Allowing surge implies the possibility that the resources consumed by the
// daemonset on any given node can double if the readiness check fails, and
// so resource intensive daemonsets should take into account that they may
// cause evictions during disruption.
// +optional
maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt)
}
// DaemonSetSpec is the specification of a daemon set.
#DaemonSetSpec: {
// A label query over pods that are managed by the daemon set.
// Must match in order to be controlled.
// It must match the pod template's labels.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(1,bytes,opt)
// An object that describes the pod that will be created.
// The DaemonSet will create exactly one copy of this pod on every node
// that matches the template's node selector (or on every node if no node
// selector is specified).
// The only allowed template.spec.restartPolicy value is "Always".
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
template: v1.#PodTemplateSpec @go(Template) @protobuf(2,bytes,opt)
// An update strategy to replace existing DaemonSet pods with new pods.
// +optional
updateStrategy?: #DaemonSetUpdateStrategy @go(UpdateStrategy) @protobuf(3,bytes,opt)
// The minimum number of seconds for which a newly created DaemonSet pod should
// be ready without any of its container crashing, for it to be considered
// available. Defaults to 0 (pod will be considered available as soon as it
// is ready).
// +optional
minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt)
// The number of old history to retain to allow rollback.
// This is a pointer to distinguish between explicit zero and not specified.
// Defaults to 10.
// +optional
revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt)
}
// DaemonSetStatus represents the current status of a daemon set.
#DaemonSetStatus: {
// The number of nodes that are running at least 1
// daemon pod and are supposed to run the daemon pod.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
currentNumberScheduled: int32 @go(CurrentNumberScheduled) @protobuf(1,varint,opt)
// The number of nodes that are running the daemon pod, but are
// not supposed to run the daemon pod.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
numberMisscheduled: int32 @go(NumberMisscheduled) @protobuf(2,varint,opt)
// The total number of nodes that should be running the daemon
// pod (including nodes correctly running the daemon pod).
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
desiredNumberScheduled: int32 @go(DesiredNumberScheduled) @protobuf(3,varint,opt)
// numberReady is the number of nodes that should be running the daemon pod and have one
// or more of the daemon pod running with a Ready Condition.
numberReady: int32 @go(NumberReady) @protobuf(4,varint,opt)
// The most recent generation observed by the daemon set controller.
// +optional
observedGeneration?: int64 @go(ObservedGeneration) @protobuf(5,varint,opt)
// The total number of nodes that are running updated daemon pod
// +optional
updatedNumberScheduled?: int32 @go(UpdatedNumberScheduled) @protobuf(6,varint,opt)
// The number of nodes that should be running the
// daemon pod and have one or more of the daemon pod running and
// available (ready for at least spec.minReadySeconds)
// +optional
numberAvailable?: int32 @go(NumberAvailable) @protobuf(7,varint,opt)
// The number of nodes that should be running the
// daemon pod and have none of the daemon pod running and available
// (ready for at least spec.minReadySeconds)
// +optional
numberUnavailable?: int32 @go(NumberUnavailable) @protobuf(8,varint,opt)
// Count of hash collisions for the DaemonSet. The DaemonSet controller
// uses this field as a collision avoidance mechanism when it needs to
// create the name for the newest ControllerRevision.
// +optional
collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt)
// Represents the latest available observations of a DaemonSet's current state.
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
conditions?: [...#DaemonSetCondition] @go(Conditions,[]DaemonSetCondition) @protobuf(10,bytes,rep)
}
#DaemonSetConditionType: string
// DaemonSetCondition describes the state of a DaemonSet at a certain point.
#DaemonSetCondition: {
// Type of DaemonSet condition.
type: #DaemonSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DaemonSetConditionType)
// Status of the condition, one of True, False, Unknown.
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
// Last time the condition transitioned from one status to another.
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
// The reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// A human readable message indicating details about the transition.
// +optional
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// DaemonSet represents the configuration of a daemon set.
#DaemonSet: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// The desired behavior of this daemon set.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
spec?: #DaemonSetSpec @go(Spec) @protobuf(2,bytes,opt)
// The current status of this daemon set. This data may be
// out of date by some window of time.
// Populated by the system.
// Read-only.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
status?: #DaemonSetStatus @go(Status) @protobuf(3,bytes,opt)
}
// DefaultDaemonSetUniqueLabelKey is the default label key that is added
// to existing DaemonSet pods to distinguish between old and new
// DaemonSet pods during DaemonSet template updates.
#DefaultDaemonSetUniqueLabelKey: "controller-revision-hash"
// DaemonSetList is a collection of daemon sets.
#DaemonSetList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// A list of daemon sets.
items: [...#DaemonSet] @go(Items,[]DaemonSet) @protobuf(2,bytes,rep)
}
// ReplicaSet ensures that a specified number of pod replicas are running at any given time.
#ReplicaSet: {
metav1.#TypeMeta
// If the Labels of a ReplicaSet are empty, they are defaulted to
// be the same as the Pod(s) that the ReplicaSet manages.
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec defines the specification of the desired behavior of the ReplicaSet.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
spec?: #ReplicaSetSpec @go(Spec) @protobuf(2,bytes,opt)
// Status is the most recently observed status of the ReplicaSet.
// This data may be out of date by some window of time.
// Populated by the system.
// Read-only.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
status?: #ReplicaSetStatus @go(Status) @protobuf(3,bytes,opt)
}
// ReplicaSetList is a collection of ReplicaSets.
#ReplicaSetList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// List of ReplicaSets.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
items: [...#ReplicaSet] @go(Items,[]ReplicaSet) @protobuf(2,bytes,rep)
}
// ReplicaSetSpec is the specification of a ReplicaSet.
#ReplicaSetSpec: {
// Replicas is the number of desired replicas.
// This is a pointer to distinguish between explicit zero and unspecified.
// Defaults to 1.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
// +optional
replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
// Minimum number of seconds for which a newly created pod should be ready
// without any of its container crashing, for it to be considered available.
// Defaults to 0 (pod will be considered available as soon as it is ready)
// +optional
minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt)
// Selector is a label query over pods that should match the replica count.
// Label keys and values that must match in order to be controlled by this replica set.
// It must match the pod template's labels.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// Template is the object that describes the pod that will be created if
// insufficient replicas are detected.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
// +optional
template?: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
}
// ReplicaSetStatus represents the current status of a ReplicaSet.
#ReplicaSetStatus: {
// Replicas is the most recently observed number of replicas.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
replicas: int32 @go(Replicas) @protobuf(1,varint,opt)
// The number of pods that have labels matching the labels of the pod template of the replicaset.
// +optional
fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt)
// readyReplicas is the number of pods targeted by this ReplicaSet with a Ready Condition.
// +optional
readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt)
// The number of available replicas (ready for at least minReadySeconds) for this replica set.
// +optional
availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt)
// ObservedGeneration reflects the generation of the most recently observed ReplicaSet.
// +optional
observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt)
// Represents the latest available observations of a replica set's current state.
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
conditions?: [...#ReplicaSetCondition] @go(Conditions,[]ReplicaSetCondition) @protobuf(6,bytes,rep)
}
#ReplicaSetConditionType: string // #enumReplicaSetConditionType
#enumReplicaSetConditionType:
#ReplicaSetReplicaFailure
// ReplicaSetReplicaFailure is added in a replica set when one of its pods fails to be created
// due to insufficient quota, limit ranges, pod security policy, node selectors, etc. or deleted
// due to kubelet being down or finalizers are failing.
#ReplicaSetReplicaFailure: #ReplicaSetConditionType & "ReplicaFailure"
// ReplicaSetCondition describes the state of a replica set at a certain point.
#ReplicaSetCondition: {
// Type of replica set condition.
type: #ReplicaSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicaSetConditionType)
// Status of the condition, one of True, False, Unknown.
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
// The last time the condition transitioned from one status to another.
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
// The reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// A human readable message indicating details about the transition.
// +optional
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// ControllerRevision implements an immutable snapshot of state data. Clients
// are responsible for serializing and deserializing the objects that contain
// their internal state.
// Once a ControllerRevision has been successfully created, it can not be updated.
// The API Server will fail validation of all requests that attempt to mutate
// the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both
// the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However,
// it may be subject to name and representation changes in future releases, and clients should not
// depend on its stability. It is primarily for internal use by controllers.
#ControllerRevision: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Data is the serialized representation of the state.
data?: runtime.#RawExtension @go(Data) @protobuf(2,bytes,opt)
// Revision indicates the revision of the state represented by Data.
revision: int64 @go(Revision) @protobuf(3,varint,opt)
}
// ControllerRevisionList is a resource containing a list of ControllerRevision objects.
#ControllerRevisionList: {
metav1.#TypeMeta
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is the list of ControllerRevisions
items: [...#ControllerRevision] @go(Items,[]ControllerRevision) @protobuf(2,bytes,rep)
}

7
timoni/podinfo/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/authentication/v1
package v1
#GroupName: "authentication.k8s.io"

206
timoni/podinfo/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,206 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/authentication/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
)
// ImpersonateUserHeader is used to impersonate a particular user during an API server request
#ImpersonateUserHeader: "Impersonate-User"
// ImpersonateGroupHeader is used to impersonate a particular group during an API server request.
// It can be repeated multiplied times for multiple groups.
#ImpersonateGroupHeader: "Impersonate-Group"
// ImpersonateUIDHeader is used to impersonate a particular UID during an API server request
#ImpersonateUIDHeader: "Impersonate-Uid"
// ImpersonateUserExtraHeaderPrefix is a prefix for any header used to impersonate an entry in the
// extra map[string][]string for user.Info. The key will be every after the prefix.
// It can be repeated multiplied times for multiple map keys and the same key can be repeated multiple
// times to have multiple elements in the slice under a single key
#ImpersonateUserExtraHeaderPrefix: "Impersonate-Extra-"
// TokenReview attempts to authenticate a token to a known user.
// Note: TokenReview requests may be cached by the webhook token authenticator
// plugin in the kube-apiserver.
#TokenReview: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec holds information about the request being evaluated
spec: #TokenReviewSpec @go(Spec) @protobuf(2,bytes,opt)
// Status is filled in by the server and indicates whether the request can be authenticated.
// +optional
status?: #TokenReviewStatus @go(Status) @protobuf(3,bytes,opt)
}
// TokenReviewSpec is a description of the token authentication request.
#TokenReviewSpec: {
// Token is the opaque bearer token.
// +optional
token?: string @go(Token) @protobuf(1,bytes,opt)
// Audiences is a list of the identifiers that the resource server presented
// with the token identifies as. Audience-aware token authenticators will
// verify that the token was intended for at least one of the audiences in
// this list. If no audiences are provided, the audience will default to the
// audience of the Kubernetes apiserver.
// +optional
audiences?: [...string] @go(Audiences,[]string) @protobuf(2,bytes,rep)
}
// TokenReviewStatus is the result of the token authentication request.
#TokenReviewStatus: {
// Authenticated indicates that the token was associated with a known user.
// +optional
authenticated?: bool @go(Authenticated) @protobuf(1,varint,opt)
// User is the UserInfo associated with the provided token.
// +optional
user?: #UserInfo @go(User) @protobuf(2,bytes,opt)
// Audiences are audience identifiers chosen by the authenticator that are
// compatible with both the TokenReview and token. An identifier is any
// identifier in the intersection of the TokenReviewSpec audiences and the
// token's audiences. A client of the TokenReview API that sets the
// spec.audiences field should validate that a compatible audience identifier
// is returned in the status.audiences field to ensure that the TokenReview
// server is audience aware. If a TokenReview returns an empty
// status.audience field where status.authenticated is "true", the token is
// valid against the audience of the Kubernetes API server.
// +optional
audiences?: [...string] @go(Audiences,[]string) @protobuf(4,bytes,rep)
// Error indicates that the token couldn't be checked
// +optional
error?: string @go(Error) @protobuf(3,bytes,opt)
}
// UserInfo holds the information about the user needed to implement the
// user.Info interface.
#UserInfo: {
// The name that uniquely identifies this user among all active users.
// +optional
username?: string @go(Username) @protobuf(1,bytes,opt)
// A unique value that identifies this user across time. If this user is
// deleted and another user by the same name is added, they will have
// different UIDs.
// +optional
uid?: string @go(UID) @protobuf(2,bytes,opt)
// The names of groups this user is a part of.
// +optional
groups?: [...string] @go(Groups,[]string) @protobuf(3,bytes,rep)
// Any additional information provided by the authenticator.
// +optional
extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(4,bytes,rep)
}
// ExtraValue masks the value so protobuf can generate
// +protobuf.nullable=true
// +protobuf.options.(gogoproto.goproto_stringer)=false
#ExtraValue: [...string]
// TokenRequest requests a token for a given service account.
#TokenRequest: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec holds information about the request being evaluated
spec: #TokenRequestSpec @go(Spec) @protobuf(2,bytes,opt)
// Status is filled in by the server and indicates whether the token can be authenticated.
// +optional
status?: #TokenRequestStatus @go(Status) @protobuf(3,bytes,opt)
}
// TokenRequestSpec contains client provided parameters of a token request.
#TokenRequestSpec: {
// Audiences are the intendend audiences of the token. A recipient of a
// token must identify themself with an identifier in the list of
// audiences of the token, and otherwise should reject the token. A
// token issued for multiple audiences may be used to authenticate
// against any of the audiences listed but implies a high degree of
// trust between the target audiences.
audiences: [...string] @go(Audiences,[]string) @protobuf(1,bytes,rep)
// ExpirationSeconds is the requested duration of validity of the request. The
// token issuer may return a token with a different validity duration so a
// client needs to check the 'expiration' field in a response.
// +optional
expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(4,varint,opt)
// BoundObjectRef is a reference to an object that the token will be bound to.
// The token will only be valid for as long as the bound object exists.
// NOTE: The API server's TokenReview endpoint will validate the
// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
// small if you want prompt revocation.
// +optional
boundObjectRef?: null | #BoundObjectReference @go(BoundObjectRef,*BoundObjectReference) @protobuf(3,bytes,opt)
}
// TokenRequestStatus is the result of a token request.
#TokenRequestStatus: {
// Token is the opaque bearer token.
token: string @go(Token) @protobuf(1,bytes,opt)
// ExpirationTimestamp is the time of expiration of the returned token.
expirationTimestamp: metav1.#Time @go(ExpirationTimestamp) @protobuf(2,bytes,opt)
}
// BoundObjectReference is a reference to an object that a token is bound to.
#BoundObjectReference: {
// Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
// +optional
kind?: string @go(Kind) @protobuf(1,bytes,opt)
// API version of the referent.
// +optional
apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt)
// Name of the referent.
// +optional
name?: string @go(Name) @protobuf(3,bytes,opt)
// UID of the referent.
// +optional
uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,name=uID,casttype=k8s.io/apimachinery/pkg/types.UID)
}
// SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request.
// When using impersonation, users will receive the user info of the user being impersonated. If impersonation or
// request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
#SelfSubjectReview: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Status is filled in by the server with the user attributes.
status?: #SelfSubjectReviewStatus @go(Status) @protobuf(2,bytes,opt)
}
// SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user.
#SelfSubjectReviewStatus: {
// User attributes of the user making this request.
// +optional
userInfo?: #UserInfo @go(UserInfo) @protobuf(1,bytes,opt)
}

7
timoni/podinfo/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/authorization/v1
package v1
#GroupName: "authorization.k8s.io"

262
timoni/podinfo/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,262 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/authorization/v1
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// SubjectAccessReview checks whether or not a user or group can perform an action.
#SubjectAccessReview: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec holds information about the request being evaluated
spec: #SubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt)
// Status is filled in by the server and indicates whether the request is allowed or not
// +optional
status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt)
}
// SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a
// spec.namespace means "in all namespaces". Self is a special case, because users should always be able
// to check whether they can perform an action
#SelfSubjectAccessReview: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec holds information about the request being evaluated. user and groups must be empty
spec: #SelfSubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt)
// Status is filled in by the server and indicates whether the request is allowed or not
// +optional
status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt)
}
// LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace.
// Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions
// checking.
#LocalSubjectAccessReview: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace
// you made the request against. If empty, it is defaulted.
spec: #SubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt)
// Status is filled in by the server and indicates whether the request is allowed or not
// +optional
status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt)
}
// ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
#ResourceAttributes: {
// Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces
// "" (empty) is defaulted for LocalSubjectAccessReviews
// "" (empty) is empty for cluster-scoped resources
// "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
// +optional
namespace?: string @go(Namespace) @protobuf(1,bytes,opt)
// Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.
// +optional
verb?: string @go(Verb) @protobuf(2,bytes,opt)
// Group is the API Group of the Resource. "*" means all.
// +optional
group?: string @go(Group) @protobuf(3,bytes,opt)
// Version is the API Version of the Resource. "*" means all.
// +optional
version?: string @go(Version) @protobuf(4,bytes,opt)
// Resource is one of the existing resource types. "*" means all.
// +optional
resource?: string @go(Resource) @protobuf(5,bytes,opt)
// Subresource is one of the existing resource types. "" means none.
// +optional
subresource?: string @go(Subresource) @protobuf(6,bytes,opt)
// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
// +optional
name?: string @go(Name) @protobuf(7,bytes,opt)
}
// NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
#NonResourceAttributes: {
// Path is the URL path of the request
// +optional
path?: string @go(Path) @protobuf(1,bytes,opt)
// Verb is the standard HTTP verb
// +optional
verb?: string @go(Verb) @protobuf(2,bytes,opt)
}
// SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes
// and NonResourceAuthorizationAttributes must be set
#SubjectAccessReviewSpec: {
// ResourceAuthorizationAttributes describes information for a resource access request
// +optional
resourceAttributes?: null | #ResourceAttributes @go(ResourceAttributes,*ResourceAttributes) @protobuf(1,bytes,opt)
// NonResourceAttributes describes information for a non-resource access request
// +optional
nonResourceAttributes?: null | #NonResourceAttributes @go(NonResourceAttributes,*NonResourceAttributes) @protobuf(2,bytes,opt)
// User is the user you're testing for.
// If you specify "User" but not "Groups", then is it interpreted as "What if User were not a member of any groups
// +optional
user?: string @go(User) @protobuf(3,bytes,opt)
// Groups is the groups you're testing for.
// +optional
groups?: [...string] @go(Groups,[]string) @protobuf(4,bytes,rep)
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
// it needs a reflection here.
// +optional
extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(5,bytes,rep)
// UID information about the requesting user.
// +optional
uid?: string @go(UID) @protobuf(6,bytes,opt)
}
// ExtraValue masks the value so protobuf can generate
// +protobuf.nullable=true
// +protobuf.options.(gogoproto.goproto_stringer)=false
#ExtraValue: [...string]
// SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes
// and NonResourceAuthorizationAttributes must be set
#SelfSubjectAccessReviewSpec: {
// ResourceAuthorizationAttributes describes information for a resource access request
// +optional
resourceAttributes?: null | #ResourceAttributes @go(ResourceAttributes,*ResourceAttributes) @protobuf(1,bytes,opt)
// NonResourceAttributes describes information for a non-resource access request
// +optional
nonResourceAttributes?: null | #NonResourceAttributes @go(NonResourceAttributes,*NonResourceAttributes) @protobuf(2,bytes,opt)
}
// SubjectAccessReviewStatus
#SubjectAccessReviewStatus: {
// Allowed is required. True if the action would be allowed, false otherwise.
allowed: bool @go(Allowed) @protobuf(1,varint,opt)
// Denied is optional. True if the action would be denied, otherwise
// false. If both allowed is false and denied is false, then the
// authorizer has no opinion on whether to authorize the action. Denied
// may not be true if Allowed is true.
// +optional
denied?: bool @go(Denied) @protobuf(4,varint,opt)
// Reason is optional. It indicates why a request was allowed or denied.
// +optional
reason?: string @go(Reason) @protobuf(2,bytes,opt)
// EvaluationError is an indication that some error occurred during the authorization check.
// It is entirely possible to get an error and be able to continue determine authorization status in spite of it.
// For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.
// +optional
evaluationError?: string @go(EvaluationError) @protobuf(3,bytes,opt)
}
// SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace.
// The returned list of actions may be incomplete depending on the server's authorization mode,
// and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions,
// or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to
// drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns.
// SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.
#SelfSubjectRulesReview: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec holds information about the request being evaluated.
spec: #SelfSubjectRulesReviewSpec @go(Spec) @protobuf(2,bytes,opt)
// Status is filled in by the server and indicates the set of actions a user can perform.
// +optional
status?: #SubjectRulesReviewStatus @go(Status) @protobuf(3,bytes,opt)
}
// SelfSubjectRulesReviewSpec defines the specification for SelfSubjectRulesReview.
#SelfSubjectRulesReviewSpec: {
// Namespace to evaluate rules for. Required.
namespace?: string @go(Namespace) @protobuf(1,bytes,opt)
}
// SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on
// the set of authorizers the server is configured with and any errors experienced during evaluation.
// Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission,
// even if that list is incomplete.
#SubjectRulesReviewStatus: {
// ResourceRules is the list of actions the subject is allowed to perform on resources.
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
resourceRules: [...#ResourceRule] @go(ResourceRules,[]ResourceRule) @protobuf(1,bytes,rep)
// NonResourceRules is the list of actions the subject is allowed to perform on non-resources.
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
nonResourceRules: [...#NonResourceRule] @go(NonResourceRules,[]NonResourceRule) @protobuf(2,bytes,rep)
// Incomplete is true when the rules returned by this call are incomplete. This is most commonly
// encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
incomplete: bool @go(Incomplete) @protobuf(3,bytes,rep)
// EvaluationError can appear in combination with Rules. It indicates an error occurred during
// rule evaluation, such as an authorizer that doesn't support rule evaluation, and that
// ResourceRules and/or NonResourceRules may be incomplete.
// +optional
evaluationError?: string @go(EvaluationError) @protobuf(4,bytes,opt)
}
// ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant,
// may contain duplicates, and possibly be incomplete.
#ResourceRule: {
// Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.
verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep)
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
// the enumerated resources in any API group will be allowed. "*" means all.
// +optional
apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(2,bytes,rep)
// Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups.
// "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
// +optional
resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep)
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.
// +optional
resourceNames?: [...string] @go(ResourceNames,[]string) @protobuf(4,bytes,rep)
}
// NonResourceRule holds information that describes a rule for the non-resource
#NonResourceRule: {
// Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.
verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep)
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full,
// final step in the path. "*" means all.
// +optional
nonResourceURLs?: [...string] @go(NonResourceURLs,[]string) @protobuf(2,bytes,rep)
}

7
timoni/podinfo/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/autoscaling/v1
package v1
#GroupName: "autoscaling"

542
timoni/podinfo/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,542 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/autoscaling/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/api/resource"
"k8s.io/api/core/v1"
)
// CrossVersionObjectReference contains enough information to let you identify the referred resource.
// +structType=atomic
#CrossVersionObjectReference: {
// kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: string @go(Kind) @protobuf(1,bytes,opt)
// name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
name: string @go(Name) @protobuf(2,bytes,opt)
// apiVersion is the API version of the referent
// +optional
apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt)
}
// specification of a horizontal pod autoscaler.
#HorizontalPodAutoscalerSpec: {
// reference to scaled resource; horizontal pod autoscaler will learn the current resource consumption
// and will set the desired number of pods by using its Scale subresource.
scaleTargetRef: #CrossVersionObjectReference @go(ScaleTargetRef) @protobuf(1,bytes,opt)
// minReplicas is the lower limit for the number of replicas to which the autoscaler
// can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the
// alpha feature gate HPAScaleToZero is enabled and at least one Object or External
// metric is configured. Scaling is active as long as at least one metric value is
// available.
// +optional
minReplicas?: null | int32 @go(MinReplicas,*int32) @protobuf(2,varint,opt)
// maxReplicas is the upper limit for the number of pods that can be set by the autoscaler; cannot be smaller than MinReplicas.
maxReplicas: int32 @go(MaxReplicas) @protobuf(3,varint,opt)
// targetCPUUtilizationPercentage is the target average CPU utilization (represented as a percentage of requested CPU) over all the pods;
// if not specified the default autoscaling policy will be used.
// +optional
targetCPUUtilizationPercentage?: null | int32 @go(TargetCPUUtilizationPercentage,*int32) @protobuf(4,varint,opt)
}
// current status of a horizontal pod autoscaler
#HorizontalPodAutoscalerStatus: {
// observedGeneration is the most recent generation observed by this autoscaler.
// +optional
observedGeneration?: null | int64 @go(ObservedGeneration,*int64) @protobuf(1,varint,opt)
// lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods;
// used by the autoscaler to control how often the number of pods is changed.
// +optional
lastScaleTime?: null | metav1.#Time @go(LastScaleTime,*metav1.Time) @protobuf(2,bytes,opt)
// currentReplicas is the current number of replicas of pods managed by this autoscaler.
currentReplicas: int32 @go(CurrentReplicas) @protobuf(3,varint,opt)
// desiredReplicas is the desired number of replicas of pods managed by this autoscaler.
desiredReplicas: int32 @go(DesiredReplicas) @protobuf(4,varint,opt)
// currentCPUUtilizationPercentage is the current average CPU utilization over all pods, represented as a percentage of requested CPU,
// e.g. 70 means that an average pod is using now 70% of its requested CPU.
// +optional
currentCPUUtilizationPercentage?: null | int32 @go(CurrentCPUUtilizationPercentage,*int32) @protobuf(5,varint,opt)
}
// configuration of a horizontal pod autoscaler.
#HorizontalPodAutoscaler: {
metav1.#TypeMeta
// Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// spec defines the behaviour of autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
// +optional
spec?: #HorizontalPodAutoscalerSpec @go(Spec) @protobuf(2,bytes,opt)
// status is the current information about the autoscaler.
// +optional
status?: #HorizontalPodAutoscalerStatus @go(Status) @protobuf(3,bytes,opt)
}
// list of horizontal pod autoscaler objects.
#HorizontalPodAutoscalerList: {
metav1.#TypeMeta
// Standard list metadata.
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is the list of horizontal pod autoscaler objects.
items: [...#HorizontalPodAutoscaler] @go(Items,[]HorizontalPodAutoscaler) @protobuf(2,bytes,rep)
}
// Scale represents a scaling request for a resource.
#Scale: {
metav1.#TypeMeta
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// spec defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
// +optional
spec?: #ScaleSpec @go(Spec) @protobuf(2,bytes,opt)
// status is the current status of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. Read-only.
// +optional
status?: #ScaleStatus @go(Status) @protobuf(3,bytes,opt)
}
// ScaleSpec describes the attributes of a scale subresource.
#ScaleSpec: {
// replicas is the desired number of instances for the scaled object.
// +optional
replicas?: int32 @go(Replicas) @protobuf(1,varint,opt)
}
// ScaleStatus represents the current status of a scale subresource.
#ScaleStatus: {
// replicas is the actual number of observed instances of the scaled object.
replicas: int32 @go(Replicas) @protobuf(1,varint,opt)
// selector is the label query over pods that should match the replicas count. This is same
// as the label selector but in the string format to avoid introspection
// by clients. The string will be in the same format as the query-param syntax.
// More info about label selectors: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
// +optional
selector?: string @go(Selector) @protobuf(2,bytes,opt)
}
// MetricSourceType indicates the type of metric.
// +enum
#MetricSourceType: string // #enumMetricSourceType
#enumMetricSourceType:
#ObjectMetricSourceType |
#PodsMetricSourceType |
#ResourceMetricSourceType |
#ContainerResourceMetricSourceType |
#ExternalMetricSourceType
// ObjectMetricSourceType is a metric describing a kubernetes object
// (for example, hits-per-second on an Ingress object).
#ObjectMetricSourceType: #MetricSourceType & "Object"
// PodsMetricSourceType is a metric describing each pod in the current scale
// target (for example, transactions-processed-per-second). The values
// will be averaged together before being compared to the target value.
#PodsMetricSourceType: #MetricSourceType & "Pods"
// ResourceMetricSourceType is a resource metric known to Kubernetes, as
// specified in requests and limits, describing each pod in the current
// scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics (the "pods" source).
#ResourceMetricSourceType: #MetricSourceType & "Resource"
// ContainerResourceMetricSourceType is a resource metric known to Kubernetes, as
// specified in requests and limits, describing a single container in each pod in the current
// scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics (the "pods" source).
#ContainerResourceMetricSourceType: #MetricSourceType & "ContainerResource"
// ExternalMetricSourceType is a global metric that is not associated
// with any Kubernetes object. It allows autoscaling based on information
// coming from components running outside of cluster
// (for example length of queue in cloud messaging service, or
// QPS from loadbalancer running outside of cluster).
#ExternalMetricSourceType: #MetricSourceType & "External"
// MetricSpec specifies how to scale based on a single metric
// (only `type` and one other matching field should be set at once).
#MetricSpec: {
// type is the type of metric source. It should be one of "ContainerResource",
// "External", "Object", "Pods" or "Resource", each mapping to a matching field in the object.
// Note: "ContainerResource" type is available on when the feature-gate
// HPAContainerMetrics is enabled
type: #MetricSourceType @go(Type) @protobuf(1,bytes)
// object refers to a metric describing a single kubernetes object
// (for example, hits-per-second on an Ingress object).
// +optional
object?: null | #ObjectMetricSource @go(Object,*ObjectMetricSource) @protobuf(2,bytes,opt)
// pods refers to a metric describing each pod in the current scale target
// (for example, transactions-processed-per-second). The values will be
// averaged together before being compared to the target value.
// +optional
pods?: null | #PodsMetricSource @go(Pods,*PodsMetricSource) @protobuf(3,bytes,opt)
// resource refers to a resource metric (such as those specified in
// requests and limits) known to Kubernetes describing each pod in the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics using the "pods" source.
// +optional
resource?: null | #ResourceMetricSource @go(Resource,*ResourceMetricSource) @protobuf(4,bytes,opt)
// containerResource refers to a resource metric (such as those specified in
// requests and limits) known to Kubernetes describing a single container in each pod of the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics using the "pods" source.
// This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag.
// +optional
containerResource?: null | #ContainerResourceMetricSource @go(ContainerResource,*ContainerResourceMetricSource) @protobuf(7,bytes,opt)
// external refers to a global metric that is not associated
// with any Kubernetes object. It allows autoscaling based on information
// coming from components running outside of cluster
// (for example length of queue in cloud messaging service, or
// QPS from loadbalancer running outside of cluster).
// +optional
external?: null | #ExternalMetricSource @go(External,*ExternalMetricSource) @protobuf(5,bytes,opt)
}
// ObjectMetricSource indicates how to scale on a metric describing a
// kubernetes object (for example, hits-per-second on an Ingress object).
#ObjectMetricSource: {
// target is the described Kubernetes object.
target: #CrossVersionObjectReference @go(Target) @protobuf(1,bytes)
// metricName is the name of the metric in question.
metricName: string @go(MetricName) @protobuf(2,bytes)
// targetValue is the target value of the metric (as a quantity).
targetValue: resource.#Quantity @go(TargetValue) @protobuf(3,bytes)
// selector is the string-encoded form of a standard kubernetes label selector for the given metric.
// When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping
// When unset, just the metricName will be used to gather metrics.
// +optional
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes)
// averageValue is the target value of the average of the
// metric across all relevant pods (as a quantity)
// +optional
averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(5,bytes)
}
// PodsMetricSource indicates how to scale on a metric describing each pod in
// the current scale target (for example, transactions-processed-per-second).
// The values will be averaged together before being compared to the target
// value.
#PodsMetricSource: {
// metricName is the name of the metric in question
metricName: string @go(MetricName) @protobuf(1,bytes)
// targetAverageValue is the target value of the average of the
// metric across all relevant pods (as a quantity)
targetAverageValue: resource.#Quantity @go(TargetAverageValue) @protobuf(2,bytes)
// selector is the string-encoded form of a standard kubernetes label selector for the given metric
// When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping
// When unset, just the metricName will be used to gather metrics.
// +optional
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(3,bytes)
}
// ResourceMetricSource indicates how to scale on a resource metric known to
// Kubernetes, as specified in requests and limits, describing each pod in the
// current scale target (e.g. CPU or memory). The values will be averaged
// together before being compared to the target. Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available to
// normal per-pod metrics using the "pods" source. Only one "target" type
// should be set.
#ResourceMetricSource: {
// name is the name of the resource in question.
name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
// targetAverageUtilization is the target value of the average of the
// resource metric across all relevant pods, represented as a percentage of
// the requested value of the resource for the pods.
// +optional
targetAverageUtilization?: null | int32 @go(TargetAverageUtilization,*int32) @protobuf(2,varint,opt)
// targetAverageValue is the target value of the average of the
// resource metric across all relevant pods, as a raw value (instead of as
// a percentage of the request), similar to the "pods" metric source type.
// +optional
targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(3,bytes,opt)
}
// ContainerResourceMetricSource indicates how to scale on a resource metric known to
// Kubernetes, as specified in the requests and limits, describing a single container in
// each of the pods of the current scale target(e.g. CPU or memory). The values will be
// averaged together before being compared to the target. Such metrics are built into
// Kubernetes, and have special scaling options on top of those available to
// normal per-pod metrics using the "pods" source. Only one "target" type
// should be set.
#ContainerResourceMetricSource: {
// name is the name of the resource in question.
name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
// targetAverageUtilization is the target value of the average of the
// resource metric across all relevant pods, represented as a percentage of
// the requested value of the resource for the pods.
// +optional
targetAverageUtilization?: null | int32 @go(TargetAverageUtilization,*int32) @protobuf(2,varint,opt)
// targetAverageValue is the target value of the average of the
// resource metric across all relevant pods, as a raw value (instead of as
// a percentage of the request), similar to the "pods" metric source type.
// +optional
targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(3,bytes,opt)
// container is the name of the container in the pods of the scaling target.
container: string @go(Container) @protobuf(5,bytes,opt)
}
// ExternalMetricSource indicates how to scale on a metric not associated with
// any Kubernetes object (for example length of queue in cloud
// messaging service, or QPS from loadbalancer running outside of cluster).
#ExternalMetricSource: {
// metricName is the name of the metric in question.
metricName: string @go(MetricName) @protobuf(1,bytes)
// metricSelector is used to identify a specific time series
// within a given metric.
// +optional
metricSelector?: null | metav1.#LabelSelector @go(MetricSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// targetValue is the target value of the metric (as a quantity).
// Mutually exclusive with TargetAverageValue.
// +optional
targetValue?: null | resource.#Quantity @go(TargetValue,*resource.Quantity) @protobuf(3,bytes,opt)
// targetAverageValue is the target per-pod value of global metric (as a quantity).
// Mutually exclusive with TargetValue.
// +optional
targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(4,bytes,opt)
}
// MetricStatus describes the last-read state of a single metric.
#MetricStatus: {
// type is the type of metric source. It will be one of "ContainerResource",
// "External", "Object", "Pods" or "Resource", each corresponds to a matching field in the object.
// Note: "ContainerResource" type is available on when the feature-gate
// HPAContainerMetrics is enabled
type: #MetricSourceType @go(Type) @protobuf(1,bytes)
// object refers to a metric describing a single kubernetes object
// (for example, hits-per-second on an Ingress object).
// +optional
object?: null | #ObjectMetricStatus @go(Object,*ObjectMetricStatus) @protobuf(2,bytes,opt)
// pods refers to a metric describing each pod in the current scale target
// (for example, transactions-processed-per-second). The values will be
// averaged together before being compared to the target value.
// +optional
pods?: null | #PodsMetricStatus @go(Pods,*PodsMetricStatus) @protobuf(3,bytes,opt)
// resource refers to a resource metric (such as those specified in
// requests and limits) known to Kubernetes describing each pod in the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics using the "pods" source.
// +optional
resource?: null | #ResourceMetricStatus @go(Resource,*ResourceMetricStatus) @protobuf(4,bytes,opt)
// containerResource refers to a resource metric (such as those specified in
// requests and limits) known to Kubernetes describing a single container in each pod in the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics using the "pods" source.
// +optional
containerResource?: null | #ContainerResourceMetricStatus @go(ContainerResource,*ContainerResourceMetricStatus) @protobuf(7,bytes,opt)
// external refers to a global metric that is not associated
// with any Kubernetes object. It allows autoscaling based on information
// coming from components running outside of cluster
// (for example length of queue in cloud messaging service, or
// QPS from loadbalancer running outside of cluster).
// +optional
external?: null | #ExternalMetricStatus @go(External,*ExternalMetricStatus) @protobuf(5,bytes,opt)
}
// HorizontalPodAutoscalerConditionType are the valid conditions of
// a HorizontalPodAutoscaler.
#HorizontalPodAutoscalerConditionType: string // #enumHorizontalPodAutoscalerConditionType
#enumHorizontalPodAutoscalerConditionType:
#ScalingActive |
#AbleToScale |
#ScalingLimited
// ScalingActive indicates that the HPA controller is able to scale if necessary:
// it's correctly configured, can fetch the desired metrics, and isn't disabled.
#ScalingActive: #HorizontalPodAutoscalerConditionType & "ScalingActive"
// AbleToScale indicates a lack of transient issues which prevent scaling from occurring,
// such as being in a backoff window, or being unable to access/update the target scale.
#AbleToScale: #HorizontalPodAutoscalerConditionType & "AbleToScale"
// ScalingLimited indicates that the calculated scale based on metrics would be above or
// below the range for the HPA, and has thus been capped.
#ScalingLimited: #HorizontalPodAutoscalerConditionType & "ScalingLimited"
// HorizontalPodAutoscalerCondition describes the state of
// a HorizontalPodAutoscaler at a certain point.
#HorizontalPodAutoscalerCondition: {
// type describes the current condition
type: #HorizontalPodAutoscalerConditionType @go(Type) @protobuf(1,bytes)
// status is the status of the condition (True, False, Unknown)
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes)
// lastTransitionTime is the last time the condition transitioned from
// one status to another
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
// reason is the reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// message is a human-readable explanation containing details about
// the transition
// +optional
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// ObjectMetricStatus indicates the current value of a metric describing a
// kubernetes object (for example, hits-per-second on an Ingress object).
#ObjectMetricStatus: {
// target is the described Kubernetes object.
target: #CrossVersionObjectReference @go(Target) @protobuf(1,bytes)
// metricName is the name of the metric in question.
metricName: string @go(MetricName) @protobuf(2,bytes)
// currentValue is the current value of the metric (as a quantity).
currentValue: resource.#Quantity @go(CurrentValue) @protobuf(3,bytes)
// selector is the string-encoded form of a standard kubernetes label selector for the given metric
// When set in the ObjectMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
// When unset, just the metricName will be used to gather metrics.
// +optional
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes)
// averageValue is the current value of the average of the
// metric across all relevant pods (as a quantity)
// +optional
averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(5,bytes)
}
// PodsMetricStatus indicates the current value of a metric describing each pod in
// the current scale target (for example, transactions-processed-per-second).
#PodsMetricStatus: {
// metricName is the name of the metric in question
metricName: string @go(MetricName) @protobuf(1,bytes)
// currentAverageValue is the current value of the average of the
// metric across all relevant pods (as a quantity)
currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(2,bytes)
// selector is the string-encoded form of a standard kubernetes label selector for the given metric
// When set in the PodsMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
// When unset, just the metricName will be used to gather metrics.
// +optional
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(3,bytes)
}
// ResourceMetricStatus indicates the current value of a resource metric known to
// Kubernetes, as specified in requests and limits, describing each pod in the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available to
// normal per-pod metrics using the "pods" source.
#ResourceMetricStatus: {
// name is the name of the resource in question.
name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
// currentAverageUtilization is the current value of the average of the
// resource metric across all relevant pods, represented as a percentage of
// the requested value of the resource for the pods. It will only be
// present if `targetAverageValue` was set in the corresponding metric
// specification.
// +optional
currentAverageUtilization?: null | int32 @go(CurrentAverageUtilization,*int32) @protobuf(2,bytes,opt)
// currentAverageValue is the current value of the average of the
// resource metric across all relevant pods, as a raw value (instead of as
// a percentage of the request), similar to the "pods" metric source type.
// It will always be set, regardless of the corresponding metric specification.
currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(3,bytes)
}
// ContainerResourceMetricStatus indicates the current value of a resource metric known to
// Kubernetes, as specified in requests and limits, describing a single container in each pod in the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available to
// normal per-pod metrics using the "pods" source.
#ContainerResourceMetricStatus: {
// name is the name of the resource in question.
name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
// currentAverageUtilization is the current value of the average of the
// resource metric across all relevant pods, represented as a percentage of
// the requested value of the resource for the pods. It will only be
// present if `targetAverageValue` was set in the corresponding metric
// specification.
// +optional
currentAverageUtilization?: null | int32 @go(CurrentAverageUtilization,*int32) @protobuf(2,bytes,opt)
// currentAverageValue is the current value of the average of the
// resource metric across all relevant pods, as a raw value (instead of as
// a percentage of the request), similar to the "pods" metric source type.
// It will always be set, regardless of the corresponding metric specification.
currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(3,bytes)
// container is the name of the container in the pods of the scaling taget
container: string @go(Container) @protobuf(4,bytes,opt)
}
// ExternalMetricStatus indicates the current value of a global metric
// not associated with any Kubernetes object.
#ExternalMetricStatus: {
// metricName is the name of a metric used for autoscaling in
// metric system.
metricName: string @go(MetricName) @protobuf(1,bytes)
// metricSelector is used to identify a specific time series
// within a given metric.
// +optional
metricSelector?: null | metav1.#LabelSelector @go(MetricSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// currentValue is the current value of the metric (as a quantity)
currentValue: resource.#Quantity @go(CurrentValue) @protobuf(3,bytes)
// currentAverageValue is the current value of metric averaged over autoscaled pods.
// +optional
currentAverageValue?: null | resource.#Quantity @go(CurrentAverageValue,*resource.Quantity) @protobuf(4,bytes,opt)
}

7
timoni/podinfo/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/autoscaling/v2
package v2
#GroupName: "autoscaling"

597
timoni/podinfo/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue Normal file
View File

@@ -0,0 +1,597 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/autoscaling/v2
package v2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
)
// HorizontalPodAutoscaler is the configuration for a horizontal pod
// autoscaler, which automatically manages the replica count of any resource
// implementing the scale subresource based on the metrics specified.
#HorizontalPodAutoscaler: {
metav1.#TypeMeta
// metadata is the standard object metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// spec is the specification for the behaviour of the autoscaler.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
// +optional
spec?: #HorizontalPodAutoscalerSpec @go(Spec) @protobuf(2,bytes,opt)
// status is the current information about the autoscaler.
// +optional
status?: #HorizontalPodAutoscalerStatus @go(Status) @protobuf(3,bytes,opt)
}
// HorizontalPodAutoscalerSpec describes the desired functionality of the HorizontalPodAutoscaler.
#HorizontalPodAutoscalerSpec: {
// scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics
// should be collected, as well as to actually change the replica count.
scaleTargetRef: #CrossVersionObjectReference @go(ScaleTargetRef) @protobuf(1,bytes,opt)
// minReplicas is the lower limit for the number of replicas to which the autoscaler
// can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the
// alpha feature gate HPAScaleToZero is enabled and at least one Object or External
// metric is configured. Scaling is active as long as at least one metric value is
// available.
// +optional
minReplicas?: null | int32 @go(MinReplicas,*int32) @protobuf(2,varint,opt)
// maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up.
// It cannot be less that minReplicas.
maxReplicas: int32 @go(MaxReplicas) @protobuf(3,varint,opt)
// metrics contains the specifications for which to use to calculate the
// desired replica count (the maximum replica count across all metrics will
// be used). The desired replica count is calculated multiplying the
// ratio between the target value and the current value by the current
// number of pods. Ergo, metrics used must decrease as the pod count is
// increased, and vice-versa. See the individual metric source types for
// more information about how each type of metric must respond.
// If not set, the default metric will be set to 80% average CPU utilization.
// +listType=atomic
// +optional
metrics?: [...#MetricSpec] @go(Metrics,[]MetricSpec) @protobuf(4,bytes,rep)
// behavior configures the scaling behavior of the target
// in both Up and Down directions (scaleUp and scaleDown fields respectively).
// If not set, the default HPAScalingRules for scale up and scale down are used.
// +optional
behavior?: null | #HorizontalPodAutoscalerBehavior @go(Behavior,*HorizontalPodAutoscalerBehavior) @protobuf(5,bytes,opt)
}
// CrossVersionObjectReference contains enough information to let you identify the referred resource.
#CrossVersionObjectReference: {
// kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: string @go(Kind) @protobuf(1,bytes,opt)
// name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
name: string @go(Name) @protobuf(2,bytes,opt)
// apiVersion is the API version of the referent
// +optional
apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt)
}
// MetricSpec specifies how to scale based on a single metric
// (only `type` and one other matching field should be set at once).
#MetricSpec: {
// type is the type of metric source. It should be one of "ContainerResource", "External",
// "Object", "Pods" or "Resource", each mapping to a matching field in the object.
// Note: "ContainerResource" type is available on when the feature-gate
// HPAContainerMetrics is enabled
type: #MetricSourceType @go(Type) @protobuf(1,bytes)
// object refers to a metric describing a single kubernetes object
// (for example, hits-per-second on an Ingress object).
// +optional
object?: null | #ObjectMetricSource @go(Object,*ObjectMetricSource) @protobuf(2,bytes,opt)
// pods refers to a metric describing each pod in the current scale target
// (for example, transactions-processed-per-second). The values will be
// averaged together before being compared to the target value.
// +optional
pods?: null | #PodsMetricSource @go(Pods,*PodsMetricSource) @protobuf(3,bytes,opt)
// resource refers to a resource metric (such as those specified in
// requests and limits) known to Kubernetes describing each pod in the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics using the "pods" source.
// +optional
resource?: null | #ResourceMetricSource @go(Resource,*ResourceMetricSource) @protobuf(4,bytes,opt)
// containerResource refers to a resource metric (such as those specified in
// requests and limits) known to Kubernetes describing a single container in
// each pod of the current scale target (e.g. CPU or memory). Such metrics are
// built in to Kubernetes, and have special scaling options on top of those
// available to normal per-pod metrics using the "pods" source.
// This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag.
// +optional
containerResource?: null | #ContainerResourceMetricSource @go(ContainerResource,*ContainerResourceMetricSource) @protobuf(7,bytes,opt)
// external refers to a global metric that is not associated
// with any Kubernetes object. It allows autoscaling based on information
// coming from components running outside of cluster
// (for example length of queue in cloud messaging service, or
// QPS from loadbalancer running outside of cluster).
// +optional
external?: null | #ExternalMetricSource @go(External,*ExternalMetricSource) @protobuf(5,bytes,opt)
}
// HorizontalPodAutoscalerBehavior configures the scaling behavior of the target
// in both Up and Down directions (scaleUp and scaleDown fields respectively).
#HorizontalPodAutoscalerBehavior: {
// scaleUp is scaling policy for scaling Up.
// If not set, the default value is the higher of:
// * increase no more than 4 pods per 60 seconds
// * double the number of pods per 60 seconds
// No stabilization is used.
// +optional
scaleUp?: null | #HPAScalingRules @go(ScaleUp,*HPAScalingRules) @protobuf(1,bytes,opt)
// scaleDown is scaling policy for scaling Down.
// If not set, the default value is to allow to scale down to minReplicas pods, with a
// 300 second stabilization window (i.e., the highest recommendation for
// the last 300sec is used).
// +optional
scaleDown?: null | #HPAScalingRules @go(ScaleDown,*HPAScalingRules) @protobuf(2,bytes,opt)
}
// ScalingPolicySelect is used to specify which policy should be used while scaling in a certain direction
#ScalingPolicySelect: string // #enumScalingPolicySelect
#enumScalingPolicySelect:
#MaxChangePolicySelect |
#MinChangePolicySelect |
#DisabledPolicySelect
// MaxChangePolicySelect selects the policy with the highest possible change.
#MaxChangePolicySelect: #ScalingPolicySelect & "Max"
// MinChangePolicySelect selects the policy with the lowest possible change.
#MinChangePolicySelect: #ScalingPolicySelect & "Min"
// DisabledPolicySelect disables the scaling in this direction.
#DisabledPolicySelect: #ScalingPolicySelect & "Disabled"
// HPAScalingRules configures the scaling behavior for one direction.
// These Rules are applied after calculating DesiredReplicas from metrics for the HPA.
// They can limit the scaling velocity by specifying scaling policies.
// They can prevent flapping by specifying the stabilization window, so that the
// number of replicas is not set instantly, instead, the safest value from the stabilization
// window is chosen.
#HPAScalingRules: {
// stabilizationWindowSeconds is the number of seconds for which past recommendations should be
// considered while scaling up or scaling down.
// StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour).
// If not set, use the default values:
// - For scale up: 0 (i.e. no stabilization is done).
// - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
// +optional
stabilizationWindowSeconds?: null | int32 @go(StabilizationWindowSeconds,*int32) @protobuf(3,varint,opt)
// selectPolicy is used to specify which policy should be used.
// If not set, the default value Max is used.
// +optional
selectPolicy?: null | #ScalingPolicySelect @go(SelectPolicy,*ScalingPolicySelect) @protobuf(1,bytes,opt)
// policies is a list of potential scaling polices which can be used during scaling.
// At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
// +listType=atomic
// +optional
policies?: [...#HPAScalingPolicy] @go(Policies,[]HPAScalingPolicy) @protobuf(2,bytes,rep)
}
// HPAScalingPolicyType is the type of the policy which could be used while making scaling decisions.
#HPAScalingPolicyType: string // #enumHPAScalingPolicyType
#enumHPAScalingPolicyType:
#PodsScalingPolicy |
#PercentScalingPolicy
// PodsScalingPolicy is a policy used to specify a change in absolute number of pods.
#PodsScalingPolicy: #HPAScalingPolicyType & "Pods"
// PercentScalingPolicy is a policy used to specify a relative amount of change with respect to
// the current number of pods.
#PercentScalingPolicy: #HPAScalingPolicyType & "Percent"
// HPAScalingPolicy is a single policy which must hold true for a specified past interval.
#HPAScalingPolicy: {
// type is used to specify the scaling policy.
type: #HPAScalingPolicyType @go(Type) @protobuf(1,bytes,opt,casttype=HPAScalingPolicyType)
// value contains the amount of change which is permitted by the policy.
// It must be greater than zero
value: int32 @go(Value) @protobuf(2,varint,opt)
// periodSeconds specifies the window of time for which the policy should hold true.
// PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
periodSeconds: int32 @go(PeriodSeconds) @protobuf(3,varint,opt)
}
// MetricSourceType indicates the type of metric.
#MetricSourceType: string // #enumMetricSourceType
#enumMetricSourceType:
#ObjectMetricSourceType |
#PodsMetricSourceType |
#ResourceMetricSourceType |
#ContainerResourceMetricSourceType |
#ExternalMetricSourceType
// ObjectMetricSourceType is a metric describing a kubernetes object
// (for example, hits-per-second on an Ingress object).
#ObjectMetricSourceType: #MetricSourceType & "Object"
// PodsMetricSourceType is a metric describing each pod in the current scale
// target (for example, transactions-processed-per-second). The values
// will be averaged together before being compared to the target value.
#PodsMetricSourceType: #MetricSourceType & "Pods"
// ResourceMetricSourceType is a resource metric known to Kubernetes, as
// specified in requests and limits, describing each pod in the current
// scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics (the "pods" source).
#ResourceMetricSourceType: #MetricSourceType & "Resource"
// ContainerResourceMetricSourceType is a resource metric known to Kubernetes, as
// specified in requests and limits, describing a single container in each pod in the current
// scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics (the "pods" source).
#ContainerResourceMetricSourceType: #MetricSourceType & "ContainerResource"
// ExternalMetricSourceType is a global metric that is not associated
// with any Kubernetes object. It allows autoscaling based on information
// coming from components running outside of cluster
// (for example length of queue in cloud messaging service, or
// QPS from loadbalancer running outside of cluster).
#ExternalMetricSourceType: #MetricSourceType & "External"
// ObjectMetricSource indicates how to scale on a metric describing a
// kubernetes object (for example, hits-per-second on an Ingress object).
#ObjectMetricSource: {
// describedObject specifies the descriptions of a object,such as kind,name apiVersion
describedObject: #CrossVersionObjectReference @go(DescribedObject) @protobuf(1,bytes)
// target specifies the target value for the given metric
target: #MetricTarget @go(Target) @protobuf(2,bytes)
// metric identifies the target metric by name and selector
metric: #MetricIdentifier @go(Metric) @protobuf(3,bytes)
}
// PodsMetricSource indicates how to scale on a metric describing each pod in
// the current scale target (for example, transactions-processed-per-second).
// The values will be averaged together before being compared to the target
// value.
#PodsMetricSource: {
// metric identifies the target metric by name and selector
metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes)
// target specifies the target value for the given metric
target: #MetricTarget @go(Target) @protobuf(2,bytes)
}
// ResourceMetricSource indicates how to scale on a resource metric known to
// Kubernetes, as specified in requests and limits, describing each pod in the
// current scale target (e.g. CPU or memory). The values will be averaged
// together before being compared to the target. Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available to
// normal per-pod metrics using the "pods" source. Only one "target" type
// should be set.
#ResourceMetricSource: {
// name is the name of the resource in question.
name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
// target specifies the target value for the given metric
target: #MetricTarget @go(Target) @protobuf(2,bytes)
}
// ContainerResourceMetricSource indicates how to scale on a resource metric known to
// Kubernetes, as specified in requests and limits, describing each pod in the
// current scale target (e.g. CPU or memory). The values will be averaged
// together before being compared to the target. Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available to
// normal per-pod metrics using the "pods" source. Only one "target" type
// should be set.
#ContainerResourceMetricSource: {
// name is the name of the resource in question.
name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
// target specifies the target value for the given metric
target: #MetricTarget @go(Target) @protobuf(2,bytes)
// container is the name of the container in the pods of the scaling target
container: string @go(Container) @protobuf(3,bytes,opt)
}
// ExternalMetricSource indicates how to scale on a metric not associated with
// any Kubernetes object (for example length of queue in cloud
// messaging service, or QPS from loadbalancer running outside of cluster).
#ExternalMetricSource: {
// metric identifies the target metric by name and selector
metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes)
// target specifies the target value for the given metric
target: #MetricTarget @go(Target) @protobuf(2,bytes)
}
// MetricIdentifier defines the name and optionally selector for a metric
#MetricIdentifier: {
// name is the name of the given metric
name: string @go(Name) @protobuf(1,bytes)
// selector is the string-encoded form of a standard kubernetes label selector for the given metric
// When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
// When unset, just the metricName will be used to gather metrics.
// +optional
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes)
}
// MetricTarget defines the target value, average value, or average utilization of a specific metric
#MetricTarget: {
// type represents whether the metric type is Utilization, Value, or AverageValue
type: #MetricTargetType @go(Type) @protobuf(1,bytes)
// value is the target value of the metric (as a quantity).
// +optional
value?: null | resource.#Quantity @go(Value,*resource.Quantity) @protobuf(2,bytes,opt)
// averageValue is the target value of the average of the
// metric across all relevant pods (as a quantity)
// +optional
averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(3,bytes,opt)
// averageUtilization is the target value of the average of the
// resource metric across all relevant pods, represented as a percentage of
// the requested value of the resource for the pods.
// Currently only valid for Resource metric source type
// +optional
averageUtilization?: null | int32 @go(AverageUtilization,*int32) @protobuf(4,bytes,opt)
}
// MetricTargetType specifies the type of metric being targeted, and should be either
// "Value", "AverageValue", or "Utilization"
#MetricTargetType: string // #enumMetricTargetType
#enumMetricTargetType:
#UtilizationMetricType |
#ValueMetricType |
#AverageValueMetricType
// UtilizationMetricType declares a MetricTarget is an AverageUtilization value
#UtilizationMetricType: #MetricTargetType & "Utilization"
// ValueMetricType declares a MetricTarget is a raw value
#ValueMetricType: #MetricTargetType & "Value"
// AverageValueMetricType declares a MetricTarget is an
#AverageValueMetricType: #MetricTargetType & "AverageValue"
// HorizontalPodAutoscalerStatus describes the current status of a horizontal pod autoscaler.
#HorizontalPodAutoscalerStatus: {
// observedGeneration is the most recent generation observed by this autoscaler.
// +optional
observedGeneration?: null | int64 @go(ObservedGeneration,*int64) @protobuf(1,varint,opt)
// lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods,
// used by the autoscaler to control how often the number of pods is changed.
// +optional
lastScaleTime?: null | metav1.#Time @go(LastScaleTime,*metav1.Time) @protobuf(2,bytes,opt)
// currentReplicas is current number of replicas of pods managed by this autoscaler,
// as last seen by the autoscaler.
// +optional
currentReplicas?: int32 @go(CurrentReplicas) @protobuf(3,varint,opt)
// desiredReplicas is the desired number of replicas of pods managed by this autoscaler,
// as last calculated by the autoscaler.
desiredReplicas: int32 @go(DesiredReplicas) @protobuf(4,varint,opt)
// currentMetrics is the last read state of the metrics used by this autoscaler.
// +listType=atomic
// +optional
currentMetrics: [...#MetricStatus] @go(CurrentMetrics,[]MetricStatus) @protobuf(5,bytes,rep)
// conditions is the set of conditions required for this autoscaler to scale its target,
// and indicates whether or not those conditions are met.
// +patchMergeKey=type
// +patchStrategy=merge
// +listType=map
// +listMapKey=type
// +optional
conditions?: [...#HorizontalPodAutoscalerCondition] @go(Conditions,[]HorizontalPodAutoscalerCondition) @protobuf(6,bytes,rep)
}
// HorizontalPodAutoscalerConditionType are the valid conditions of
// a HorizontalPodAutoscaler.
#HorizontalPodAutoscalerConditionType: string // #enumHorizontalPodAutoscalerConditionType
#enumHorizontalPodAutoscalerConditionType:
#ScalingActive |
#AbleToScale |
#ScalingLimited
// ScalingActive indicates that the HPA controller is able to scale if necessary:
// it's correctly configured, can fetch the desired metrics, and isn't disabled.
#ScalingActive: #HorizontalPodAutoscalerConditionType & "ScalingActive"
// AbleToScale indicates a lack of transient issues which prevent scaling from occurring,
// such as being in a backoff window, or being unable to access/update the target scale.
#AbleToScale: #HorizontalPodAutoscalerConditionType & "AbleToScale"
// ScalingLimited indicates that the calculated scale based on metrics would be above or
// below the range for the HPA, and has thus been capped.
#ScalingLimited: #HorizontalPodAutoscalerConditionType & "ScalingLimited"
// HorizontalPodAutoscalerCondition describes the state of
// a HorizontalPodAutoscaler at a certain point.
#HorizontalPodAutoscalerCondition: {
// type describes the current condition
type: #HorizontalPodAutoscalerConditionType @go(Type) @protobuf(1,bytes)
// status is the status of the condition (True, False, Unknown)
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes)
// lastTransitionTime is the last time the condition transitioned from
// one status to another
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
// reason is the reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// message is a human-readable explanation containing details about
// the transition
// +optional
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// MetricStatus describes the last-read state of a single metric.
#MetricStatus: {
// type is the type of metric source. It will be one of "ContainerResource", "External",
// "Object", "Pods" or "Resource", each corresponds to a matching field in the object.
// Note: "ContainerResource" type is available on when the feature-gate
// HPAContainerMetrics is enabled
type: #MetricSourceType @go(Type) @protobuf(1,bytes)
// object refers to a metric describing a single kubernetes object
// (for example, hits-per-second on an Ingress object).
// +optional
object?: null | #ObjectMetricStatus @go(Object,*ObjectMetricStatus) @protobuf(2,bytes,opt)
// pods refers to a metric describing each pod in the current scale target
// (for example, transactions-processed-per-second). The values will be
// averaged together before being compared to the target value.
// +optional
pods?: null | #PodsMetricStatus @go(Pods,*PodsMetricStatus) @protobuf(3,bytes,opt)
// resource refers to a resource metric (such as those specified in
// requests and limits) known to Kubernetes describing each pod in the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics using the "pods" source.
// +optional
resource?: null | #ResourceMetricStatus @go(Resource,*ResourceMetricStatus) @protobuf(4,bytes,opt)
// container resource refers to a resource metric (such as those specified in
// requests and limits) known to Kubernetes describing a single container in each pod in the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics using the "pods" source.
// +optional
containerResource?: null | #ContainerResourceMetricStatus @go(ContainerResource,*ContainerResourceMetricStatus) @protobuf(7,bytes,opt)
// external refers to a global metric that is not associated
// with any Kubernetes object. It allows autoscaling based on information
// coming from components running outside of cluster
// (for example length of queue in cloud messaging service, or
// QPS from loadbalancer running outside of cluster).
// +optional
external?: null | #ExternalMetricStatus @go(External,*ExternalMetricStatus) @protobuf(5,bytes,opt)
}
// ObjectMetricStatus indicates the current value of a metric describing a
// kubernetes object (for example, hits-per-second on an Ingress object).
#ObjectMetricStatus: {
// metric identifies the target metric by name and selector
metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes)
// current contains the current value for the given metric
current: #MetricValueStatus @go(Current) @protobuf(2,bytes)
// DescribedObject specifies the descriptions of a object,such as kind,name apiVersion
describedObject: #CrossVersionObjectReference @go(DescribedObject) @protobuf(3,bytes)
}
// PodsMetricStatus indicates the current value of a metric describing each pod in
// the current scale target (for example, transactions-processed-per-second).
#PodsMetricStatus: {
// metric identifies the target metric by name and selector
metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes)
// current contains the current value for the given metric
current: #MetricValueStatus @go(Current) @protobuf(2,bytes)
}
// ResourceMetricStatus indicates the current value of a resource metric known to
// Kubernetes, as specified in requests and limits, describing each pod in the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available to
// normal per-pod metrics using the "pods" source.
#ResourceMetricStatus: {
// name is the name of the resource in question.
name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
// current contains the current value for the given metric
current: #MetricValueStatus @go(Current) @protobuf(2,bytes)
}
// ContainerResourceMetricStatus indicates the current value of a resource metric known to
// Kubernetes, as specified in requests and limits, describing a single container in each pod in the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available to
// normal per-pod metrics using the "pods" source.
#ContainerResourceMetricStatus: {
// name is the name of the resource in question.
name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
// current contains the current value for the given metric
current: #MetricValueStatus @go(Current) @protobuf(2,bytes)
// container is the name of the container in the pods of the scaling target
container: string @go(Container) @protobuf(3,bytes,opt)
}
// ExternalMetricStatus indicates the current value of a global metric
// not associated with any Kubernetes object.
#ExternalMetricStatus: {
// metric identifies the target metric by name and selector
metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes)
// current contains the current value for the given metric
current: #MetricValueStatus @go(Current) @protobuf(2,bytes)
}
// MetricValueStatus holds the current value for a metric
#MetricValueStatus: {
// value is the current value of the metric (as a quantity).
// +optional
value?: null | resource.#Quantity @go(Value,*resource.Quantity) @protobuf(1,bytes,opt)
// averageValue is the current value of the average of the
// metric across all relevant pods (as a quantity)
// +optional
averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(2,bytes,opt)
// currentAverageUtilization is the current value of the average of the
// resource metric across all relevant pods, represented as a percentage of
// the requested value of the resource for the pods.
// +optional
averageUtilization?: null | int32 @go(AverageUtilization,*int32) @protobuf(3,bytes,opt)
}
// HorizontalPodAutoscalerList is a list of horizontal pod autoscaler objects.
#HorizontalPodAutoscalerList: {
metav1.#TypeMeta
// metadata is the standard list metadata.
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is the list of horizontal pod autoscaler objects.
items: [...#HorizontalPodAutoscaler] @go(Items,[]HorizontalPodAutoscaler) @protobuf(2,bytes,rep)
}

7
timoni/podinfo/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/batch/v1
package v1
#GroupName: "batch"

693
timoni/podinfo/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,693 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/batch/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/types"
)
// All Kubernetes labels need to be prefixed with Kubernetes to distinguish them from end-user labels
// More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#label-selector-and-annotation-conventions
_#labelPrefix: "batch.kubernetes.io/"
// CronJobScheduledTimestampAnnotation is the scheduled timestamp annotation for the Job.
// It records the original/expected scheduled timestamp for the running job, represented in RFC3339.
// The CronJob controller adds this annotation if the CronJobsScheduledAnnotation feature gate (beta in 1.28) is enabled.
#CronJobScheduledTimestampAnnotation: "batch.kubernetes.io/cronjob-scheduled-timestamp"
#JobCompletionIndexAnnotation: "batch.kubernetes.io/job-completion-index"
// JobTrackingFinalizer is a finalizer for Job's pods. It prevents them from
// being deleted before being accounted in the Job status.
//
// Additionally, the apiserver and job controller use this string as a Job
// annotation, to mark Jobs that are being tracked using pod finalizers.
// However, this behavior is deprecated in kubernetes 1.26. This means that, in
// 1.27+, one release after JobTrackingWithFinalizers graduates to GA, the
// apiserver and job controller will ignore this annotation and they will
// always track jobs using finalizers.
#JobTrackingFinalizer: "batch.kubernetes.io/job-tracking"
// The Job labels will use batch.kubernetes.io as a prefix for all labels
// Historically the job controller uses unprefixed labels for job-name and controller-uid and
// Kubernetes continutes to recognize those unprefixed labels for consistency.
#JobNameLabel: "batch.kubernetes.io/job-name"
// ControllerUid is used to programatically get pods corresponding to a Job.
// There is a corresponding label without the batch.kubernetes.io that we support for legacy reasons.
#ControllerUidLabel: "batch.kubernetes.io/controller-uid"
// Annotation indicating the number of failures for the index corresponding
// to the pod, which are counted towards the backoff limit.
#JobIndexFailureCountAnnotation: "batch.kubernetes.io/job-index-failure-count"
// Annotation indicating the number of failures for the index corresponding
// to the pod, which don't count towards the backoff limit, according to the
// pod failure policy. When the annotation is absent zero is implied.
#JobIndexIgnoredFailureCountAnnotation: "batch.kubernetes.io/job-index-ignored-failure-count"
// Job represents the configuration of a single job.
#Job: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Specification of the desired behavior of a job.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
spec?: #JobSpec @go(Spec) @protobuf(2,bytes,opt)
// Current status of a job.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
status?: #JobStatus @go(Status) @protobuf(3,bytes,opt)
}
// JobList is a collection of jobs.
#JobList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is the list of Jobs.
items: [...#Job] @go(Items,[]Job) @protobuf(2,bytes,rep)
}
// CompletionMode specifies how Pod completions of a Job are tracked.
// +enum
#CompletionMode: string // #enumCompletionMode
#enumCompletionMode:
#NonIndexedCompletion |
#IndexedCompletion
// NonIndexedCompletion is a Job completion mode. In this mode, the Job is
// considered complete when there have been .spec.completions
// successfully completed Pods. Pod completions are homologous to each other.
#NonIndexedCompletion: #CompletionMode & "NonIndexed"
// IndexedCompletion is a Job completion mode. In this mode, the Pods of a
// Job get an associated completion index from 0 to (.spec.completions - 1).
// The Job is considered complete when a Pod completes for each completion
// index.
#IndexedCompletion: #CompletionMode & "Indexed"
// PodFailurePolicyAction specifies how a Pod failure is handled.
// +enum
#PodFailurePolicyAction: string // #enumPodFailurePolicyAction
#enumPodFailurePolicyAction:
#PodFailurePolicyActionFailJob |
#PodFailurePolicyActionFailIndex |
#PodFailurePolicyActionIgnore |
#PodFailurePolicyActionCount
// This is an action which might be taken on a pod failure - mark the
// pod's job as Failed and terminate all running pods.
#PodFailurePolicyActionFailJob: #PodFailurePolicyAction & "FailJob"
// This is an action which might be taken on a pod failure - mark the
// Job's index as failed to avoid restarts within this index. This action
// can only be used when backoffLimitPerIndex is set.
#PodFailurePolicyActionFailIndex: #PodFailurePolicyAction & "FailIndex"
// This is an action which might be taken on a pod failure - the counter towards
// .backoffLimit, represented by the job's .status.failed field, is not
// incremented and a replacement pod is created.
#PodFailurePolicyActionIgnore: #PodFailurePolicyAction & "Ignore"
// This is an action which might be taken on a pod failure - the pod failure
// is handled in the default way - the counter towards .backoffLimit,
// represented by the job's .status.failed field, is incremented.
#PodFailurePolicyActionCount: #PodFailurePolicyAction & "Count"
// +enum
#PodFailurePolicyOnExitCodesOperator: string // #enumPodFailurePolicyOnExitCodesOperator
#enumPodFailurePolicyOnExitCodesOperator:
#PodFailurePolicyOnExitCodesOpIn |
#PodFailurePolicyOnExitCodesOpNotIn
#PodFailurePolicyOnExitCodesOpIn: #PodFailurePolicyOnExitCodesOperator & "In"
#PodFailurePolicyOnExitCodesOpNotIn: #PodFailurePolicyOnExitCodesOperator & "NotIn"
// PodReplacementPolicy specifies the policy for creating pod replacements.
// +enum
#PodReplacementPolicy: string // #enumPodReplacementPolicy
#enumPodReplacementPolicy:
#TerminatingOrFailed |
#Failed
// TerminatingOrFailed means that we recreate pods
// when they are terminating (has a metadata.deletionTimestamp) or failed.
#TerminatingOrFailed: #PodReplacementPolicy & "TerminatingOrFailed"
// Failed means to wait until a previously created Pod is fully terminated (has phase
// Failed or Succeeded) before creating a replacement Pod.
#Failed: #PodReplacementPolicy & "Failed"
// PodFailurePolicyOnExitCodesRequirement describes the requirement for handling
// a failed pod based on its container exit codes. In particular, it lookups the
// .state.terminated.exitCode for each app container and init container status,
// represented by the .status.containerStatuses and .status.initContainerStatuses
// fields in the Pod status, respectively. Containers completed with success
// (exit code 0) are excluded from the requirement check.
#PodFailurePolicyOnExitCodesRequirement: {
// Restricts the check for exit codes to the container with the
// specified name. When null, the rule applies to all containers.
// When specified, it should match one the container or initContainer
// names in the pod template.
// +optional
containerName?: null | string @go(ContainerName,*string) @protobuf(1,bytes,opt)
// Represents the relationship between the container exit code(s) and the
// specified values. Containers completed with success (exit code 0) are
// excluded from the requirement check. Possible values are:
//
// - In: the requirement is satisfied if at least one container exit code
// (might be multiple if there are multiple containers not restricted
// by the 'containerName' field) is in the set of specified values.
// - NotIn: the requirement is satisfied if at least one container exit code
// (might be multiple if there are multiple containers not restricted
// by the 'containerName' field) is not in the set of specified values.
// Additional values are considered to be added in the future. Clients should
// react to an unknown operator by assuming the requirement is not satisfied.
operator: #PodFailurePolicyOnExitCodesOperator @go(Operator) @protobuf(2,bytes,req)
// Specifies the set of values. Each returned container exit code (might be
// multiple in case of multiple containers) is checked against this set of
// values with respect to the operator. The list of values must be ordered
// and must not contain duplicates. Value '0' cannot be used for the In operator.
// At least one element is required. At most 255 elements are allowed.
// +listType=set
values: [...int32] @go(Values,[]int32) @protobuf(3,varint,rep)
}
// PodFailurePolicyOnPodConditionsPattern describes a pattern for matching
// an actual pod condition type.
#PodFailurePolicyOnPodConditionsPattern: {
// Specifies the required Pod condition type. To match a pod condition
// it is required that specified type equals the pod condition type.
type: corev1.#PodConditionType @go(Type) @protobuf(1,bytes,req)
// Specifies the required Pod condition status. To match a pod condition
// it is required that the specified status equals the pod condition status.
// Defaults to True.
status: corev1.#ConditionStatus @go(Status) @protobuf(2,bytes,req)
}
// PodFailurePolicyRule describes how a pod failure is handled when the requirements are met.
// One of onExitCodes and onPodConditions, but not both, can be used in each rule.
#PodFailurePolicyRule: {
// Specifies the action taken on a pod failure when the requirements are satisfied.
// Possible values are:
//
// - FailJob: indicates that the pod's job is marked as Failed and all
// running pods are terminated.
// - FailIndex: indicates that the pod's index is marked as Failed and will
// not be restarted.
// This value is alpha-level. It can be used when the
// `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
// - Ignore: indicates that the counter towards the .backoffLimit is not
// incremented and a replacement pod is created.
// - Count: indicates that the pod is handled in the default way - the
// counter towards the .backoffLimit is incremented.
// Additional values are considered to be added in the future. Clients should
// react to an unknown action by skipping the rule.
action: #PodFailurePolicyAction @go(Action) @protobuf(1,bytes,req)
// Represents the requirement on the container exit codes.
// +optional
onExitCodes?: null | #PodFailurePolicyOnExitCodesRequirement @go(OnExitCodes,*PodFailurePolicyOnExitCodesRequirement) @protobuf(2,bytes,opt)
// Represents the requirement on the pod conditions. The requirement is represented
// as a list of pod condition patterns. The requirement is satisfied if at
// least one pattern matches an actual pod condition. At most 20 elements are allowed.
// +listType=atomic
// +optional
onPodConditions: [...#PodFailurePolicyOnPodConditionsPattern] @go(OnPodConditions,[]PodFailurePolicyOnPodConditionsPattern) @protobuf(3,bytes,opt)
}
// PodFailurePolicy describes how failed pods influence the backoffLimit.
#PodFailurePolicy: {
// A list of pod failure policy rules. The rules are evaluated in order.
// Once a rule matches a Pod failure, the remaining of the rules are ignored.
// When no rule matches the Pod failure, the default handling applies - the
// counter of pod failures is incremented and it is checked against
// the backoffLimit. At most 20 elements are allowed.
// +listType=atomic
rules: [...#PodFailurePolicyRule] @go(Rules,[]PodFailurePolicyRule) @protobuf(1,bytes,opt)
}
// JobSpec describes how the job execution will look like.
#JobSpec: {
// Specifies the maximum desired number of pods the job should
// run at any given time. The actual number of pods running in steady state will
// be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism),
// i.e. when the work left to do is less than max parallelism.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
// +optional
parallelism?: null | int32 @go(Parallelism,*int32) @protobuf(1,varint,opt)
// Specifies the desired number of successfully finished pods the
// job should be run with. Setting to null means that the success of any
// pod signals the success of all pods, and allows parallelism to have any positive
// value. Setting to 1 means that parallelism is limited to 1 and the success of that
// pod signals the success of the job.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
// +optional
completions?: null | int32 @go(Completions,*int32) @protobuf(2,varint,opt)
// Specifies the duration in seconds relative to the startTime that the job
// may be continuously active before the system tries to terminate it; value
// must be positive integer. If a Job is suspended (at creation or through an
// update), this timer will effectively be stopped and reset when the Job is
// resumed again.
// +optional
activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(3,varint,opt)
// Specifies the policy of handling failed pods. In particular, it allows to
// specify the set of actions and conditions which need to be
// satisfied to take the associated action.
// If empty, the default behaviour applies - the counter of failed pods,
// represented by the jobs's .status.failed field, is incremented and it is
// checked against the backoffLimit. This field cannot be used in combination
// with restartPolicy=OnFailure.
//
// This field is beta-level. It can be used when the `JobPodFailurePolicy`
// feature gate is enabled (enabled by default).
// +optional
podFailurePolicy?: null | #PodFailurePolicy @go(PodFailurePolicy,*PodFailurePolicy) @protobuf(11,bytes,opt)
// Specifies the number of retries before marking this job failed.
// Defaults to 6
// +optional
backoffLimit?: null | int32 @go(BackoffLimit,*int32) @protobuf(7,varint,opt)
// Specifies the limit for the number of retries within an
// index before marking this index as failed. When enabled the number of
// failures per index is kept in the pod's
// batch.kubernetes.io/job-index-failure-count annotation. It can only
// be set when Job's completionMode=Indexed, and the Pod's restart
// policy is Never. The field is immutable.
// This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
// feature gate is enabled (disabled by default).
// +optional
backoffLimitPerIndex?: null | int32 @go(BackoffLimitPerIndex,*int32) @protobuf(12,varint,opt)
// Specifies the maximal number of failed indexes before marking the Job as
// failed, when backoffLimitPerIndex is set. Once the number of failed
// indexes exceeds this number the entire Job is marked as Failed and its
// execution is terminated. When left as null the job continues execution of
// all of its indexes and is marked with the `Complete` Job condition.
// It can only be specified when backoffLimitPerIndex is set.
// It can be null or up to completions. It is required and must be
// less than or equal to 10^4 when is completions greater than 10^5.
// This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
// feature gate is enabled (disabled by default).
// +optional
maxFailedIndexes?: null | int32 @go(MaxFailedIndexes,*int32) @protobuf(13,varint,opt)
// A label query over pods that should match the pod count.
// Normally, the system sets this field for you.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
// +optional
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt)
// manualSelector controls generation of pod labels and pod selectors.
// Leave `manualSelector` unset unless you are certain what you are doing.
// When false or unset, the system pick labels unique to this job
// and appends those labels to the pod template. When true,
// the user is responsible for picking unique labels and specifying
// the selector. Failure to pick a unique label may cause this
// and other jobs to not function correctly. However, You may see
// `manualSelector=true` in jobs that were created with the old `extensions/v1beta1`
// API.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
// +optional
manualSelector?: null | bool @go(ManualSelector,*bool) @protobuf(5,varint,opt)
// Describes the pod that will be created when executing a job.
// The only allowed template.spec.restartPolicy values are "Never" or "OnFailure".
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
template: corev1.#PodTemplateSpec @go(Template) @protobuf(6,bytes,opt)
// ttlSecondsAfterFinished limits the lifetime of a Job that has finished
// execution (either Complete or Failed). If this field is set,
// ttlSecondsAfterFinished after the Job finishes, it is eligible to be
// automatically deleted. When the Job is being deleted, its lifecycle
// guarantees (e.g. finalizers) will be honored. If this field is unset,
// the Job won't be automatically deleted. If this field is set to zero,
// the Job becomes eligible to be deleted immediately after it finishes.
// +optional
ttlSecondsAfterFinished?: null | int32 @go(TTLSecondsAfterFinished,*int32) @protobuf(8,varint,opt)
// completionMode specifies how Pod completions are tracked. It can be
// `NonIndexed` (default) or `Indexed`.
//
// `NonIndexed` means that the Job is considered complete when there have
// been .spec.completions successfully completed Pods. Each Pod completion is
// homologous to each other.
//
// `Indexed` means that the Pods of a
// Job get an associated completion index from 0 to (.spec.completions - 1),
// available in the annotation batch.kubernetes.io/job-completion-index.
// The Job is considered complete when there is one successfully completed Pod
// for each index.
// When value is `Indexed`, .spec.completions must be specified and
// `.spec.parallelism` must be less than or equal to 10^5.
// In addition, The Pod name takes the form
// `$(job-name)-$(index)-$(random-string)`,
// the Pod hostname takes the form `$(job-name)-$(index)`.
//
// More completion modes can be added in the future.
// If the Job controller observes a mode that it doesn't recognize, which
// is possible during upgrades due to version skew, the controller
// skips updates for the Job.
// +optional
completionMode?: null | #CompletionMode @go(CompletionMode,*CompletionMode) @protobuf(9,bytes,opt,casttype=CompletionMode)
// suspend specifies whether the Job controller should create Pods or not. If
// a Job is created with suspend set to true, no Pods are created by the Job
// controller. If a Job is suspended after creation (i.e. the flag goes from
// false to true), the Job controller will delete all active Pods associated
// with this Job. Users must design their workload to gracefully handle this.
// Suspending a Job will reset the StartTime field of the Job, effectively
// resetting the ActiveDeadlineSeconds timer too. Defaults to false.
//
// +optional
suspend?: null | bool @go(Suspend,*bool) @protobuf(10,varint,opt)
// podReplacementPolicy specifies when to create replacement Pods.
// Possible values are:
// - TerminatingOrFailed means that we recreate pods
// when they are terminating (has a metadata.deletionTimestamp) or failed.
// - Failed means to wait until a previously created Pod is fully terminated (has phase
// Failed or Succeeded) before creating a replacement Pod.
//
// When using podFailurePolicy, Failed is the the only allowed value.
// TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use.
// This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field.
// +optional
podReplacementPolicy?: null | #PodReplacementPolicy @go(PodReplacementPolicy,*PodReplacementPolicy) @protobuf(14,bytes,opt,casttype=podReplacementPolicy)
}
// JobStatus represents the current state of a Job.
#JobStatus: {
// The latest available observations of an object's current state. When a Job
// fails, one of the conditions will have type "Failed" and status true. When
// a Job is suspended, one of the conditions will have type "Suspended" and
// status true; when the Job is resumed, the status of this condition will
// become false. When a Job is completed, one of the conditions will have
// type "Complete" and status true.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
// +listType=atomic
conditions?: [...#JobCondition] @go(Conditions,[]JobCondition) @protobuf(1,bytes,rep)
// Represents time when the job controller started processing a job. When a
// Job is created in the suspended state, this field is not set until the
// first time it is resumed. This field is reset every time a Job is resumed
// from suspension. It is represented in RFC3339 form and is in UTC.
// +optional
startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(2,bytes,opt)
// Represents time when the job was completed. It is not guaranteed to
// be set in happens-before order across separate operations.
// It is represented in RFC3339 form and is in UTC.
// The completion time is only set when the job finishes successfully.
// +optional
completionTime?: null | metav1.#Time @go(CompletionTime,*metav1.Time) @protobuf(3,bytes,opt)
// The number of pending and running pods.
// +optional
active?: int32 @go(Active) @protobuf(4,varint,opt)
// The number of pods which reached phase Succeeded.
// +optional
succeeded?: int32 @go(Succeeded) @protobuf(5,varint,opt)
// The number of pods which reached phase Failed.
// +optional
failed?: int32 @go(Failed) @protobuf(6,varint,opt)
// The number of pods which are terminating (in phase Pending or Running
// and have a deletionTimestamp).
//
// This field is alpha-level. The job controller populates the field when
// the feature gate JobPodReplacementPolicy is enabled (disabled by default).
// +optional
terminating?: null | int32 @go(Terminating,*int32) @protobuf(11,varint,opt)
// completedIndexes holds the completed indexes when .spec.completionMode =
// "Indexed" in a text format. The indexes are represented as decimal integers
// separated by commas. The numbers are listed in increasing order. Three or
// more consecutive numbers are compressed and represented by the first and
// last element of the series, separated by a hyphen.
// For example, if the completed indexes are 1, 3, 4, 5 and 7, they are
// represented as "1,3-5,7".
// +optional
completedIndexes?: string @go(CompletedIndexes) @protobuf(7,bytes,opt)
// FailedIndexes holds the failed indexes when backoffLimitPerIndex=true.
// The indexes are represented in the text format analogous as for the
// `completedIndexes` field, ie. they are kept as decimal integers
// separated by commas. The numbers are listed in increasing order. Three or
// more consecutive numbers are compressed and represented by the first and
// last element of the series, separated by a hyphen.
// For example, if the failed indexes are 1, 3, 4, 5 and 7, they are
// represented as "1,3-5,7".
// This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
// feature gate is enabled (disabled by default).
// +optional
failedIndexes?: null | string @go(FailedIndexes,*string) @protobuf(10,bytes,opt)
// uncountedTerminatedPods holds the UIDs of Pods that have terminated but
// the job controller hasn't yet accounted for in the status counters.
//
// The job controller creates pods with a finalizer. When a pod terminates
// (succeeded or failed), the controller does three steps to account for it
// in the job status:
//
// 1. Add the pod UID to the arrays in this field.
// 2. Remove the pod finalizer.
// 3. Remove the pod UID from the arrays while increasing the corresponding
// counter.
//
// Old jobs might not be tracked using this field, in which case the field
// remains null.
// +optional
uncountedTerminatedPods?: null | #UncountedTerminatedPods @go(UncountedTerminatedPods,*UncountedTerminatedPods) @protobuf(8,bytes,opt)
// The number of pods which have a Ready condition.
//
// This field is beta-level. The job controller populates the field when
// the feature gate JobReadyPods is enabled (enabled by default).
// +optional
ready?: null | int32 @go(Ready,*int32) @protobuf(9,varint,opt)
}
// UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't
// been accounted in Job status counters.
#UncountedTerminatedPods: {
// succeeded holds UIDs of succeeded Pods.
// +listType=set
// +optional
succeeded?: [...types.#UID] @go(Succeeded,[]types.UID) @protobuf(1,bytes,rep,casttype=k8s.io/apimachinery/pkg/types.UID)
// failed holds UIDs of failed Pods.
// +listType=set
// +optional
failed?: [...types.#UID] @go(Failed,[]types.UID) @protobuf(2,bytes,rep,casttype=k8s.io/apimachinery/pkg/types.UID)
}
#JobConditionType: string // #enumJobConditionType
#enumJobConditionType:
#JobSuspended |
#JobComplete |
#JobFailed |
#JobFailureTarget
// JobSuspended means the job has been suspended.
#JobSuspended: #JobConditionType & "Suspended"
// JobComplete means the job has completed its execution.
#JobComplete: #JobConditionType & "Complete"
// JobFailed means the job has failed its execution.
#JobFailed: #JobConditionType & "Failed"
// FailureTarget means the job is about to fail its execution.
#JobFailureTarget: #JobConditionType & "FailureTarget"
// JobCondition describes current state of a job.
#JobCondition: {
// Type of job condition, Complete or Failed.
type: #JobConditionType @go(Type) @protobuf(1,bytes,opt,casttype=JobConditionType)
// Status of the condition, one of True, False, Unknown.
status: corev1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
// Last time the condition was checked.
// +optional
lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt)
// Last time the condition transit from one status to another.
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
// (brief) reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(5,bytes,opt)
// Human readable message indicating details about last transition.
// +optional
message?: string @go(Message) @protobuf(6,bytes,opt)
}
// JobTemplateSpec describes the data a Job should have when created from a template
#JobTemplateSpec: {
// Standard object's metadata of the jobs created from this template.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Specification of the desired behavior of the job.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
spec?: #JobSpec @go(Spec) @protobuf(2,bytes,opt)
}
// CronJob represents the configuration of a single cron job.
#CronJob: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Specification of the desired behavior of a cron job, including the schedule.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
spec?: #CronJobSpec @go(Spec) @protobuf(2,bytes,opt)
// Current status of a cron job.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
status?: #CronJobStatus @go(Status) @protobuf(3,bytes,opt)
}
// CronJobList is a collection of cron jobs.
#CronJobList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is the list of CronJobs.
items: [...#CronJob] @go(Items,[]CronJob) @protobuf(2,bytes,rep)
}
// CronJobSpec describes how the job execution will look like and when it will actually run.
#CronJobSpec: {
// The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.
schedule: string @go(Schedule) @protobuf(1,bytes,opt)
// The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones.
// If not specified, this will default to the time zone of the kube-controller-manager process.
// The set of valid time zone names and the time zone offset is loaded from the system-wide time zone
// database by the API server during CronJob validation and the controller manager during execution.
// If no system-wide time zone database can be found a bundled version of the database is used instead.
// If the time zone name becomes invalid during the lifetime of a CronJob or due to a change in host
// configuration, the controller will stop creating new new Jobs and will create a system event with the
// reason UnknownTimeZone.
// More information can be found in https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones
// +optional
timeZone?: null | string @go(TimeZone,*string) @protobuf(8,bytes,opt)
// Optional deadline in seconds for starting the job if it misses scheduled
// time for any reason. Missed jobs executions will be counted as failed ones.
// +optional
startingDeadlineSeconds?: null | int64 @go(StartingDeadlineSeconds,*int64) @protobuf(2,varint,opt)
// Specifies how to treat concurrent executions of a Job.
// Valid values are:
//
// - "Allow" (default): allows CronJobs to run concurrently;
// - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet;
// - "Replace": cancels currently running job and replaces it with a new one
// +optional
concurrencyPolicy?: #ConcurrencyPolicy @go(ConcurrencyPolicy) @protobuf(3,bytes,opt,casttype=ConcurrencyPolicy)
// This flag tells the controller to suspend subsequent executions, it does
// not apply to already started executions. Defaults to false.
// +optional
suspend?: null | bool @go(Suspend,*bool) @protobuf(4,varint,opt)
// Specifies the job that will be created when executing a CronJob.
jobTemplate: #JobTemplateSpec @go(JobTemplate) @protobuf(5,bytes,opt)
// The number of successful finished jobs to retain. Value must be non-negative integer.
// Defaults to 3.
// +optional
successfulJobsHistoryLimit?: null | int32 @go(SuccessfulJobsHistoryLimit,*int32) @protobuf(6,varint,opt)
// The number of failed finished jobs to retain. Value must be non-negative integer.
// Defaults to 1.
// +optional
failedJobsHistoryLimit?: null | int32 @go(FailedJobsHistoryLimit,*int32) @protobuf(7,varint,opt)
}
// ConcurrencyPolicy describes how the job will be handled.
// Only one of the following concurrent policies may be specified.
// If none of the following policies is specified, the default one
// is AllowConcurrent.
// +enum
#ConcurrencyPolicy: string // #enumConcurrencyPolicy
#enumConcurrencyPolicy:
#AllowConcurrent |
#ForbidConcurrent |
#ReplaceConcurrent
// AllowConcurrent allows CronJobs to run concurrently.
#AllowConcurrent: #ConcurrencyPolicy & "Allow"
// ForbidConcurrent forbids concurrent runs, skipping next run if previous
// hasn't finished yet.
#ForbidConcurrent: #ConcurrencyPolicy & "Forbid"
// ReplaceConcurrent cancels currently running job and replaces it with a new one.
#ReplaceConcurrent: #ConcurrencyPolicy & "Replace"
// CronJobStatus represents the current state of a cron job.
#CronJobStatus: {
// A list of pointers to currently running jobs.
// +optional
// +listType=atomic
active?: [...corev1.#ObjectReference] @go(Active,[]corev1.ObjectReference) @protobuf(1,bytes,rep)
// Information when was the last time the job was successfully scheduled.
// +optional
lastScheduleTime?: null | metav1.#Time @go(LastScheduleTime,*metav1.Time) @protobuf(4,bytes,opt)
// Information when was the last time the job successfully completed.
// +optional
lastSuccessfulTime?: null | metav1.#Time @go(LastSuccessfulTime,*metav1.Time) @protobuf(5,bytes,opt)
}

7
timoni/podinfo/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/certificates/v1
package v1
#GroupName: "certificates.k8s.io"

318
timoni/podinfo/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,318 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/certificates/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/api/core/v1"
)
// CertificateSigningRequest objects provide a mechanism to obtain x509 certificates
// by submitting a certificate signing request, and having it asynchronously approved and issued.
//
// Kubelets use this API to obtain:
// 1. client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client-kubelet" signerName).
// 2. serving certificates for TLS endpoints kube-apiserver can connect to securely (with the "kubernetes.io/kubelet-serving" signerName).
//
// This API can be used to request client certificates to authenticate to kube-apiserver
// (with the "kubernetes.io/kube-apiserver-client" signerName),
// or to obtain certificates from custom non-Kubernetes signers.
#CertificateSigningRequest: {
metav1.#TypeMeta
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// spec contains the certificate request, and is immutable after creation.
// Only the request, signerName, expirationSeconds, and usages fields can be set on creation.
// Other fields are derived by Kubernetes and cannot be modified by users.
spec: #CertificateSigningRequestSpec @go(Spec) @protobuf(2,bytes,opt)
// status contains information about whether the request is approved or denied,
// and the certificate issued by the signer, or the failure condition indicating signer failure.
// +optional
status?: #CertificateSigningRequestStatus @go(Status) @protobuf(3,bytes,opt)
}
// CertificateSigningRequestSpec contains the certificate request.
#CertificateSigningRequestSpec: {
// request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block.
// When serialized as JSON or YAML, the data is additionally base64-encoded.
// +listType=atomic
request: bytes @go(Request,[]byte) @protobuf(1,bytes,opt)
// signerName indicates the requested signer, and is a qualified name.
//
// List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
//
// Well-known Kubernetes signers are:
// 1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver.
// Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager.
// 2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver.
// Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
// 3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.
// Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
//
// More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
//
// Custom signerNames can also be specified. The signer defines:
// 1. Trust distribution: how trust (CA bundles) are distributed.
// 2. Permitted subjects: and behavior when a disallowed subject is requested.
// 3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
// 4. Required, permitted, or forbidden key usages / extended key usages.
// 5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
// 6. Whether or not requests for CA certificates are allowed.
signerName: string @go(SignerName) @protobuf(7,bytes,opt)
// expirationSeconds is the requested duration of validity of the issued
// certificate. The certificate signer may issue a certificate with a different
// validity duration so a client must check the delta between the notBefore and
// and notAfter fields in the issued certificate to determine the actual duration.
//
// The v1.22+ in-tree implementations of the well-known Kubernetes signers will
// honor this field as long as the requested duration is not greater than the
// maximum duration they will honor per the --cluster-signing-duration CLI
// flag to the Kubernetes controller manager.
//
// Certificate signers may not honor this field for various reasons:
//
// 1. Old signer that is unaware of the field (such as the in-tree
// implementations prior to v1.22)
// 2. Signer whose configured maximum is shorter than the requested duration
// 3. Signer whose configured minimum is longer than the requested duration
//
// The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
//
// +optional
expirationSeconds?: null | int32 @go(ExpirationSeconds,*int32) @protobuf(8,varint,opt)
// usages specifies a set of key usages requested in the issued certificate.
//
// Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
//
// Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
//
// Valid values are:
// "signing", "digital signature", "content commitment",
// "key encipherment", "key agreement", "data encipherment",
// "cert sign", "crl sign", "encipher only", "decipher only", "any",
// "server auth", "client auth",
// "code signing", "email protection", "s/mime",
// "ipsec end system", "ipsec tunnel", "ipsec user",
// "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
// +listType=atomic
usages?: [...#KeyUsage] @go(Usages,[]KeyUsage) @protobuf(5,bytes,opt)
// username contains the name of the user that created the CertificateSigningRequest.
// Populated by the API server on creation and immutable.
// +optional
username?: string @go(Username) @protobuf(2,bytes,opt)
// uid contains the uid of the user that created the CertificateSigningRequest.
// Populated by the API server on creation and immutable.
// +optional
uid?: string @go(UID) @protobuf(3,bytes,opt)
// groups contains group membership of the user that created the CertificateSigningRequest.
// Populated by the API server on creation and immutable.
// +listType=atomic
// +optional
groups?: [...string] @go(Groups,[]string) @protobuf(4,bytes,rep)
// extra contains extra attributes of the user that created the CertificateSigningRequest.
// Populated by the API server on creation and immutable.
// +optional
extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(6,bytes,rep)
}
// "kubernetes.io/kube-apiserver-client" signer issues client certificates that can be used to authenticate to kube-apiserver.
// Never auto-approved by kube-controller-manager.
// Can be issued by the "csrsigning" controller in kube-controller-manager.
#KubeAPIServerClientSignerName: "kubernetes.io/kube-apiserver-client"
// "kubernetes.io/kube-apiserver-client-kubelet" issues client certificates that kubelets use to authenticate to kube-apiserver.
// Can be auto-approved by the "csrapproving" controller in kube-controller-manager.
// Can be issued by the "csrsigning" controller in kube-controller-manager.
#KubeAPIServerClientKubeletSignerName: "kubernetes.io/kube-apiserver-client-kubelet"
// "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints,
// which kube-apiserver can connect to securely.
// Never auto-approved by kube-controller-manager.
// Can be issued by the "csrsigning" controller in kube-controller-manager.
#KubeletServingSignerName: "kubernetes.io/kubelet-serving"
// ExtraValue masks the value so protobuf can generate
// +protobuf.nullable=true
// +protobuf.options.(gogoproto.goproto_stringer)=false
#ExtraValue: [...string]
// CertificateSigningRequestStatus contains conditions used to indicate
// approved/denied/failed status of the request, and the issued certificate.
#CertificateSigningRequestStatus: {
// conditions applied to the request. Known conditions are "Approved", "Denied", and "Failed".
// +listType=map
// +listMapKey=type
// +optional
conditions?: [...#CertificateSigningRequestCondition] @go(Conditions,[]CertificateSigningRequestCondition) @protobuf(1,bytes,rep)
// certificate is populated with an issued certificate by the signer after an Approved condition is present.
// This field is set via the /status subresource. Once populated, this field is immutable.
//
// If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty.
// If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty.
//
// Validation requirements:
// 1. certificate must contain one or more PEM blocks.
// 2. All PEM blocks must have the "CERTIFICATE" label, contain no headers, and the encoded data
// must be a BER-encoded ASN.1 Certificate structure as described in section 4 of RFC5280.
// 3. Non-PEM content may appear before or after the "CERTIFICATE" PEM blocks and is unvalidated,
// to allow for explanatory text as described in section 5.2 of RFC7468.
//
// If more than one PEM block is present, and the definition of the requested spec.signerName
// does not indicate otherwise, the first block is the issued certificate,
// and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes.
//
// The certificate is encoded in PEM format.
//
// When serialized as JSON or YAML, the data is additionally base64-encoded, so it consists of:
//
// base64(
// -----BEGIN CERTIFICATE-----
// ...
// -----END CERTIFICATE-----
// )
//
// +listType=atomic
// +optional
certificate?: bytes @go(Certificate,[]byte) @protobuf(2,bytes,opt)
}
// RequestConditionType is the type of a CertificateSigningRequestCondition
#RequestConditionType: string // #enumRequestConditionType
#enumRequestConditionType:
#CertificateApproved |
#CertificateDenied |
#CertificateFailed
// Approved indicates the request was approved and should be issued by the signer.
#CertificateApproved: #RequestConditionType & "Approved"
// Denied indicates the request was denied and should not be issued by the signer.
#CertificateDenied: #RequestConditionType & "Denied"
// Failed indicates the signer failed to issue the certificate.
#CertificateFailed: #RequestConditionType & "Failed"
// CertificateSigningRequestCondition describes a condition of a CertificateSigningRequest object
#CertificateSigningRequestCondition: {
// type of the condition. Known conditions are "Approved", "Denied", and "Failed".
//
// An "Approved" condition is added via the /approval subresource,
// indicating the request was approved and should be issued by the signer.
//
// A "Denied" condition is added via the /approval subresource,
// indicating the request was denied and should not be issued by the signer.
//
// A "Failed" condition is added via the /status subresource,
// indicating the signer failed to issue the certificate.
//
// Approved and Denied conditions are mutually exclusive.
// Approved, Denied, and Failed conditions cannot be removed once added.
//
// Only one condition of a given type is allowed.
type: #RequestConditionType @go(Type) @protobuf(1,bytes,opt,casttype=RequestConditionType)
// status of the condition, one of True, False, Unknown.
// Approved, Denied, and Failed conditions may not be "False" or "Unknown".
status: v1.#ConditionStatus @go(Status) @protobuf(6,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
// reason indicates a brief reason for the request state
// +optional
reason?: string @go(Reason) @protobuf(2,bytes,opt)
// message contains a human readable message with details about the request state
// +optional
message?: string @go(Message) @protobuf(3,bytes,opt)
// lastUpdateTime is the time of the last update to this condition
// +optional
lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(4,bytes,opt)
// lastTransitionTime is the time the condition last transitioned from one status to another.
// If unset, when a new condition type is added or an existing condition's status is changed,
// the server defaults this to the current time.
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(5,bytes,opt)
}
// CertificateSigningRequestList is a collection of CertificateSigningRequest objects
#CertificateSigningRequestList: {
metav1.#TypeMeta
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is a collection of CertificateSigningRequest objects
items: [...#CertificateSigningRequest] @go(Items,[]CertificateSigningRequest) @protobuf(2,bytes,rep)
}
// KeyUsage specifies valid usage contexts for keys.
// See:
//
// https://tools.ietf.org/html/rfc5280#section-4.2.1.3
// https://tools.ietf.org/html/rfc5280#section-4.2.1.12
//
// +enum
#KeyUsage: string // #enumKeyUsage
#enumKeyUsage:
#UsageSigning |
#UsageDigitalSignature |
#UsageContentCommitment |
#UsageKeyEncipherment |
#UsageKeyAgreement |
#UsageDataEncipherment |
#UsageCertSign |
#UsageCRLSign |
#UsageEncipherOnly |
#UsageDecipherOnly |
#UsageAny |
#UsageServerAuth |
#UsageClientAuth |
#UsageCodeSigning |
#UsageEmailProtection |
#UsageSMIME |
#UsageIPsecEndSystem |
#UsageIPsecTunnel |
#UsageIPsecUser |
#UsageTimestamping |
#UsageOCSPSigning |
#UsageMicrosoftSGC |
#UsageNetscapeSGC
#UsageSigning: #KeyUsage & "signing"
#UsageDigitalSignature: #KeyUsage & "digital signature"
#UsageContentCommitment: #KeyUsage & "content commitment"
#UsageKeyEncipherment: #KeyUsage & "key encipherment"
#UsageKeyAgreement: #KeyUsage & "key agreement"
#UsageDataEncipherment: #KeyUsage & "data encipherment"
#UsageCertSign: #KeyUsage & "cert sign"
#UsageCRLSign: #KeyUsage & "crl sign"
#UsageEncipherOnly: #KeyUsage & "encipher only"
#UsageDecipherOnly: #KeyUsage & "decipher only"
#UsageAny: #KeyUsage & "any"
#UsageServerAuth: #KeyUsage & "server auth"
#UsageClientAuth: #KeyUsage & "client auth"
#UsageCodeSigning: #KeyUsage & "code signing"
#UsageEmailProtection: #KeyUsage & "email protection"
#UsageSMIME: #KeyUsage & "s/mime"
#UsageIPsecEndSystem: #KeyUsage & "ipsec end system"
#UsageIPsecTunnel: #KeyUsage & "ipsec tunnel"
#UsageIPsecUser: #KeyUsage & "ipsec user"
#UsageTimestamping: #KeyUsage & "timestamping"
#UsageOCSPSigning: #KeyUsage & "ocsp signing"
#UsageMicrosoftSGC: #KeyUsage & "microsoft sgc"
#UsageNetscapeSGC: #KeyUsage & "netscape sgc"

7
timoni/podinfo/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/coordination/v1
package v1
#GroupName: "coordination.k8s.io"

61
timoni/podinfo/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,61 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/coordination/v1
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// Lease defines a lease concept.
#Lease: {
metav1.#TypeMeta
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// spec contains the specification of the Lease.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
spec?: #LeaseSpec @go(Spec) @protobuf(2,bytes,opt)
}
// LeaseSpec is a specification of a Lease.
#LeaseSpec: {
// holderIdentity contains the identity of the holder of a current lease.
// +optional
holderIdentity?: null | string @go(HolderIdentity,*string) @protobuf(1,bytes,opt)
// leaseDurationSeconds is a duration that candidates for a lease need
// to wait to force acquire it. This is measure against time of last
// observed renewTime.
// +optional
leaseDurationSeconds?: null | int32 @go(LeaseDurationSeconds,*int32) @protobuf(2,varint,opt)
// acquireTime is a time when the current lease was acquired.
// +optional
acquireTime?: null | metav1.#MicroTime @go(AcquireTime,*metav1.MicroTime) @protobuf(3,bytes,opt)
// renewTime is a time when the current holder of a lease has last
// updated the lease.
// +optional
renewTime?: null | metav1.#MicroTime @go(RenewTime,*metav1.MicroTime) @protobuf(4,bytes,opt)
// leaseTransitions is the number of transitions of a lease between
// holders.
// +optional
leaseTransitions?: null | int32 @go(LeaseTransitions,*int32) @protobuf(5,varint,opt)
}
// LeaseList is a list of Lease objects.
#LeaseList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is a list of schema objects.
items: [...#Lease] @go(Items,[]Lease) @protobuf(2,bytes,rep)
}

147
timoni/podinfo/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue Normal file
View File

@@ -0,0 +1,147 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/core/v1
package v1
// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy
// webhook backend fails.
#ImagePolicyFailedOpenKey: "alpha.image-policy.k8s.io/failed-open"
// MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods
#MirrorPodAnnotationKey: "kubernetes.io/config.mirror"
// TolerationsAnnotationKey represents the key of tolerations data (json serialized)
// in the Annotations of a Pod.
#TolerationsAnnotationKey: "scheduler.alpha.kubernetes.io/tolerations"
// TaintsAnnotationKey represents the key of taints data (json serialized)
// in the Annotations of a Node.
#TaintsAnnotationKey: "scheduler.alpha.kubernetes.io/taints"
// SeccompPodAnnotationKey represents the key of a seccomp profile applied
// to all containers of a pod.
// Deprecated: set a pod security context `seccompProfile` field.
#SeccompPodAnnotationKey: "seccomp.security.alpha.kubernetes.io/pod"
// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied
// to one container of a pod.
// Deprecated: set a container security context `seccompProfile` field.
#SeccompContainerAnnotationKeyPrefix: "container.seccomp.security.alpha.kubernetes.io/"
// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime.
// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead.
#SeccompProfileRuntimeDefault: "runtime/default"
// SeccompProfileNameUnconfined is the unconfined seccomp profile.
#SeccompProfileNameUnconfined: "unconfined"
// SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk.
#SeccompLocalhostProfileNamePrefix: "localhost/"
// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile.
#AppArmorBetaContainerAnnotationKeyPrefix: "container.apparmor.security.beta.kubernetes.io/"
// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile.
#AppArmorBetaDefaultProfileAnnotationKey: "apparmor.security.beta.kubernetes.io/defaultProfileName"
// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles.
#AppArmorBetaAllowedProfilesAnnotationKey: "apparmor.security.beta.kubernetes.io/allowedProfileNames"
// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default.
#AppArmorBetaProfileRuntimeDefault: "runtime/default"
// AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node.
#AppArmorBetaProfileNamePrefix: "localhost/"
// AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile
#AppArmorBetaProfileNameUnconfined: "unconfined"
// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker.
// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead.
#DeprecatedSeccompProfileDockerDefault: "docker/default"
// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized)
// in the Annotations of a Node.
#PreferAvoidPodsAnnotationKey: "scheduler.alpha.kubernetes.io/preferAvoidPods"
// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache
// an object (e.g. secret, config map) before fetching it again from apiserver.
// This annotation can be attached to node.
#ObjectTTLAnnotationKey: "node.alpha.kubernetes.io/ttl"
// annotation key prefix used to identify non-convertible json paths.
#NonConvertibleAnnotationPrefix: "non-convertible.kubernetes.io"
_#kubectlPrefix: "kubectl.kubernetes.io/"
// LastAppliedConfigAnnotation is the annotation used to store the previous
// configuration of a resource for use in a three way diff by UpdateApplyAnnotation.
#LastAppliedConfigAnnotation: "kubectl.kubernetes.io/last-applied-configuration"
// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers
//
// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to
// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow
// access only from the CIDRs currently allocated to MIT & the USPS.
//
// Not all cloud providers support this annotation, though AWS & GCE do.
#AnnotationLoadBalancerSourceRangesKey: "service.beta.kubernetes.io/load-balancer-source-ranges"
// EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that
// represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z')
// of the last change, of some Pod or Service object, that triggered the endpoints object change.
// In other words, if a Pod / Service changed at time T0, that change was observed by endpoints
// controller at T1, and the Endpoints object was changed at T2, the
// EndpointsLastChangeTriggerTime would be set to T0.
//
// The "endpoints change trigger" here means any Pod or Service change that resulted in the
// Endpoints object change.
//
// Given the definition of the "endpoints change trigger", please note that this annotation will
// be set ONLY for endpoints object changes triggered by either Pod or Service change. If the
// Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's
// already set).
//
// This annotation will be used to compute the in-cluster network programming latency SLI, see
// https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md
#EndpointsLastChangeTriggerTime: "endpoints.kubernetes.io/last-change-trigger-time"
// EndpointsOverCapacity will be set on an Endpoints resource when it
// exceeds the maximum capacity of 1000 addresses. Initially the Endpoints
// controller will set this annotation with a value of "warning". In a
// future release, the controller may set this annotation with a value of
// "truncated" to indicate that any addresses exceeding the limit of 1000
// have been truncated from the Endpoints resource.
#EndpointsOverCapacity: "endpoints.kubernetes.io/over-capacity"
// MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated
// list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode.
// This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or
// CSI Backend for a volume plugin on a specific node.
#MigratedPluginsAnnotationKey: "storage.alpha.kubernetes.io/migrated-plugins"
// PodDeletionCost can be used to set to an int32 that represent the cost of deleting
// a pod compared to other pods belonging to the same ReplicaSet. Pods with lower
// deletion cost are preferred to be deleted before pods with higher deletion cost.
// Note that this is honored on a best-effort basis, and so it does not offer guarantees on
// pod deletion order.
// The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted.
//
// This annotation is beta-level and is only honored when PodDeletionCost feature is enabled.
#PodDeletionCost: "controller.kubernetes.io/pod-deletion-cost"
// DeprecatedAnnotationTopologyAwareHints can be used to enable or disable
// Topology Aware Hints for a Service. This may be set to "Auto" or
// "Disabled". Any other value is treated as "Disabled". This annotation has
// been deprecated in favor of the "service.kubernetes.io/topology-mode"
// annotation.
#DeprecatedAnnotationTopologyAwareHints: "service.kubernetes.io/topology-aware-hints"
// AnnotationTopologyMode can be used to enable or disable Topology Aware
// Routing for a Service. Well known values are "Auto" and "Disabled".
// Implementations may choose to develop new topology approaches, exposing
// them with domain-prefixed values. For example, "example.com/lowest-rtt"
// could be a valid implementation-specific value for this annotation. These
// heuristics will often populate topology hints on EndpointSlices, but that
// is not a requirement.
#AnnotationTopologyMode: "service.kubernetes.io/topology-mode"

6
timoni/podinfo/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue Normal file
View File

@@ -0,0 +1,6 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/core/v1
// Package v1 is the v1 version of the core API.
package v1

7
timoni/podinfo/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/core/v1
package v1
#GroupName: ""

7617
timoni/podinfo/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue Normal file
View File

File diff suppressed because it is too large Load Diff

59
timoni/podinfo/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue Normal file
View File

@@ -0,0 +1,59 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/core/v1
package v1
#LabelHostname: "kubernetes.io/hostname"
// Label value is the network location of kube-apiserver stored as <ip:port>
// Stored in APIServer Identity lease objects to view what address is used for peer proxy
#AnnotationPeerAdvertiseAddress: "kubernetes.io/peer-advertise-address"
#LabelTopologyZone: "topology.kubernetes.io/zone"
#LabelTopologyRegion: "topology.kubernetes.io/region"
// These label have been deprecated since 1.17, but will be supported for
// the foreseeable future, to accommodate things like long-lived PVs that
// use them. New users should prefer the "topology.kubernetes.io/*"
// equivalents.
#LabelFailureDomainBetaZone: "failure-domain.beta.kubernetes.io/zone"
#LabelFailureDomainBetaRegion: "failure-domain.beta.kubernetes.io/region"
// Retained for compat when vendored. Do not use these consts in new code.
#LabelZoneFailureDomain: "failure-domain.beta.kubernetes.io/zone"
#LabelZoneRegion: "failure-domain.beta.kubernetes.io/region"
#LabelZoneFailureDomainStable: "topology.kubernetes.io/zone"
#LabelZoneRegionStable: "topology.kubernetes.io/region"
#LabelInstanceType: "beta.kubernetes.io/instance-type"
#LabelInstanceTypeStable: "node.kubernetes.io/instance-type"
#LabelOSStable: "kubernetes.io/os"
#LabelArchStable: "kubernetes.io/arch"
// LabelWindowsBuild is used on Windows nodes to specify the Windows build number starting with v1.17.0.
// It's in the format MajorVersion.MinorVersion.BuildNumber (for ex: 10.0.17763)
#LabelWindowsBuild: "node.kubernetes.io/windows-build"
// LabelNamespaceSuffixKubelet is an allowed label namespace suffix kubelets can self-set ([*.]kubelet.kubernetes.io/*)
#LabelNamespaceSuffixKubelet: "kubelet.kubernetes.io"
// LabelNamespaceSuffixNode is an allowed label namespace suffix kubelets can self-set ([*.]node.kubernetes.io/*)
#LabelNamespaceSuffixNode: "node.kubernetes.io"
// LabelNamespaceNodeRestriction is a forbidden label namespace that kubelets may not self-set when the NodeRestriction admission plugin is enabled
#LabelNamespaceNodeRestriction: "node-restriction.kubernetes.io"
// IsHeadlessService is added by Controller to an Endpoint denoting if its parent
// Service is Headless. The existence of this label can be used further by other
// controllers and kube-proxy to check if the Endpoint objects should be replicated when
// using Headless Services
#IsHeadlessService: "service.kubernetes.io/headless"
// LabelNodeExcludeBalancers specifies that the node should not be considered as a target
// for external load-balancers which use nodes as a second hop (e.g. many cloud LBs which only
// understand nodes). For services that use externalTrafficPolicy=Local, this may mean that
// any backends on excluded nodes are not reachable by those external load-balancers.
// Implementations of this exclusion may vary based on provider.
#LabelNodeExcludeBalancers: "node.kubernetes.io/exclude-from-external-load-balancers"
// LabelMetadataName is the label name which, in-tree, is used to automatically label namespaces, so they can be selected easily by tools which require definitive labels
#LabelMetadataName: "kubernetes.io/metadata.name"

38
timoni/podinfo/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue Normal file
View File

@@ -0,0 +1,38 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/core/v1
package v1
// TaintNodeNotReady will be added when node is not ready
// and removed when node becomes ready.
#TaintNodeNotReady: "node.kubernetes.io/not-ready"
// TaintNodeUnreachable will be added when node becomes unreachable
// (corresponding to NodeReady status ConditionUnknown)
// and removed when node becomes reachable (NodeReady status ConditionTrue).
#TaintNodeUnreachable: "node.kubernetes.io/unreachable"
// TaintNodeUnschedulable will be added when node becomes unschedulable
// and removed when node becomes schedulable.
#TaintNodeUnschedulable: "node.kubernetes.io/unschedulable"
// TaintNodeMemoryPressure will be added when node has memory pressure
// and removed when node has enough memory.
#TaintNodeMemoryPressure: "node.kubernetes.io/memory-pressure"
// TaintNodeDiskPressure will be added when node has disk pressure
// and removed when node has enough disk.
#TaintNodeDiskPressure: "node.kubernetes.io/disk-pressure"
// TaintNodeNetworkUnavailable will be added when node's network is unavailable
// and removed when network becomes ready.
#TaintNodeNetworkUnavailable: "node.kubernetes.io/network-unavailable"
// TaintNodePIDPressure will be added when node has pid pressure
// and removed when node has enough pid.
#TaintNodePIDPressure: "node.kubernetes.io/pid-pressure"
// TaintNodeOutOfService can be added when node is out of service in case of
// a non-graceful shutdown
#TaintNodeOutOfService: "node.kubernetes.io/out-of-service"

7
timoni/podinfo/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/discovery/v1
package v1
#GroupName: "discovery.k8s.io"

206
timoni/podinfo/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,206 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/discovery/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/api/core/v1"
)
// EndpointSlice represents a subset of the endpoints that implement a service.
// For a given service there may be multiple EndpointSlice objects, selected by
// labels, which must be joined to produce the full set of endpoints.
#EndpointSlice: {
metav1.#TypeMeta
// Standard object's metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// addressType specifies the type of address carried by this EndpointSlice.
// All addresses in this slice must be the same type. This field is
// immutable after creation. The following address types are currently
// supported:
// * IPv4: Represents an IPv4 Address.
// * IPv6: Represents an IPv6 Address.
// * FQDN: Represents a Fully Qualified Domain Name.
addressType: #AddressType @go(AddressType) @protobuf(4,bytes,rep)
// endpoints is a list of unique endpoints in this slice. Each slice may
// include a maximum of 1000 endpoints.
// +listType=atomic
endpoints: [...#Endpoint] @go(Endpoints,[]Endpoint) @protobuf(2,bytes,rep)
// ports specifies the list of network ports exposed by each endpoint in
// this slice. Each port must have a unique name. When ports is empty, it
// indicates that there are no defined ports. When a port is defined with a
// nil port value, it indicates "all ports". Each slice may include a
// maximum of 100 ports.
// +optional
// +listType=atomic
ports: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep)
}
// AddressType represents the type of address referred to by an endpoint.
// +enum
#AddressType: string // #enumAddressType
#enumAddressType:
#AddressTypeIPv4 |
#AddressTypeIPv6 |
#AddressTypeFQDN
// AddressTypeIPv4 represents an IPv4 Address.
#AddressTypeIPv4: #AddressType & "IPv4"
// AddressTypeIPv6 represents an IPv6 Address.
#AddressTypeIPv6: #AddressType & "IPv6"
// AddressTypeFQDN represents a FQDN.
#AddressTypeFQDN: #AddressType & "FQDN"
// Endpoint represents a single logical "backend" implementing a service.
#Endpoint: {
// addresses of this endpoint. The contents of this field are interpreted
// according to the corresponding EndpointSlice addressType field. Consumers
// must handle different types of addresses in the context of their own
// capabilities. This must contain at least one address but no more than
// 100. These are all assumed to be fungible and clients may choose to only
// use the first element. Refer to: https://issue.k8s.io/106267
// +listType=set
addresses: [...string] @go(Addresses,[]string) @protobuf(1,bytes,rep)
// conditions contains information about the current status of the endpoint.
conditions?: #EndpointConditions @go(Conditions) @protobuf(2,bytes,opt)
// hostname of this endpoint. This field may be used by consumers of
// endpoints to distinguish endpoints from each other (e.g. in DNS names).
// Multiple endpoints which use the same hostname should be considered
// fungible (e.g. multiple A values in DNS). Must be lowercase and pass DNS
// Label (RFC 1123) validation.
// +optional
hostname?: null | string @go(Hostname,*string) @protobuf(3,bytes,opt)
// targetRef is a reference to a Kubernetes object that represents this
// endpoint.
// +optional
targetRef?: null | v1.#ObjectReference @go(TargetRef,*v1.ObjectReference) @protobuf(4,bytes,opt)
// deprecatedTopology contains topology information part of the v1beta1
// API. This field is deprecated, and will be removed when the v1beta1
// API is removed (no sooner than kubernetes v1.24). While this field can
// hold values, it is not writable through the v1 API, and any attempts to
// write to it will be silently ignored. Topology information can be found
// in the zone and nodeName fields instead.
// +optional
deprecatedTopology?: {[string]: string} @go(DeprecatedTopology,map[string]string) @protobuf(5,bytes,opt)
// nodeName represents the name of the Node hosting this endpoint. This can
// be used to determine endpoints local to a Node.
// +optional
nodeName?: null | string @go(NodeName,*string) @protobuf(6,bytes,opt)
// zone is the name of the Zone this endpoint exists in.
// +optional
zone?: null | string @go(Zone,*string) @protobuf(7,bytes,opt)
// hints contains information associated with how an endpoint should be
// consumed.
// +optional
hints?: null | #EndpointHints @go(Hints,*EndpointHints) @protobuf(8,bytes,opt)
}
// EndpointConditions represents the current condition of an endpoint.
#EndpointConditions: {
// ready indicates that this endpoint is prepared to receive traffic,
// according to whatever system is managing the endpoint. A nil value
// indicates an unknown state. In most cases consumers should interpret this
// unknown state as ready. For compatibility reasons, ready should never be
// "true" for terminating endpoints, except when the normal readiness
// behavior is being explicitly overridden, for example when the associated
// Service has set the publishNotReadyAddresses flag.
// +optional
ready?: null | bool @go(Ready,*bool) @protobuf(1,bytes)
// serving is identical to ready except that it is set regardless of the
// terminating state of endpoints. This condition should be set to true for
// a ready endpoint that is terminating. If nil, consumers should defer to
// the ready condition.
// +optional
serving?: null | bool @go(Serving,*bool) @protobuf(2,bytes)
// terminating indicates that this endpoint is terminating. A nil value
// indicates an unknown state. Consumers should interpret this unknown state
// to mean that the endpoint is not terminating.
// +optional
terminating?: null | bool @go(Terminating,*bool) @protobuf(3,bytes)
}
// EndpointHints provides hints describing how an endpoint should be consumed.
#EndpointHints: {
// forZones indicates the zone(s) this endpoint should be consumed by to
// enable topology aware routing.
// +listType=atomic
forZones?: [...#ForZone] @go(ForZones,[]ForZone) @protobuf(1,bytes)
}
// ForZone provides information about which zones should consume this endpoint.
#ForZone: {
// name represents the name of the zone.
name: string @go(Name) @protobuf(1,bytes)
}
// EndpointPort represents a Port used by an EndpointSlice
// +structType=atomic
#EndpointPort: {
// name represents the name of this port. All ports in an EndpointSlice must have a unique name.
// If the EndpointSlice is dervied from a Kubernetes service, this corresponds to the Service.ports[].name.
// Name must either be an empty string or pass DNS_LABEL validation:
// * must be no more than 63 characters long.
// * must consist of lower case alphanumeric characters or '-'.
// * must start and end with an alphanumeric character.
// Default is empty string.
name?: null | string @go(Name,*string) @protobuf(1,bytes)
// protocol represents the IP protocol for this port.
// Must be UDP, TCP, or SCTP.
// Default is TCP.
protocol?: null | v1.#Protocol @go(Protocol,*v1.Protocol) @protobuf(2,bytes)
// port represents the port number of the endpoint.
// If this is not specified, ports are not restricted and must be
// interpreted in the context of the specific consumer.
port?: null | int32 @go(Port,*int32) @protobuf(3,bytes,opt)
// The application protocol for this port.
// This is used as a hint for implementations to offer richer behavior for protocols that they understand.
// This field follows standard Kubernetes label syntax.
// Valid values are either:
//
// * Un-prefixed protocol names - reserved for IANA standard service names (as per
// RFC-6335 and https://www.iana.org/assignments/service-names).
//
// * Kubernetes-defined prefixed names:
// * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
//
// * Other protocols should use implementation-defined prefixed names such as
// mycompany.com/my-custom-protocol.
// +optional
appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes)
}
// EndpointSliceList represents a list of endpoint slices
#EndpointSliceList: {
metav1.#TypeMeta
// Standard list metadata.
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is the list of endpoint slices
items: [...#EndpointSlice] @go(Items,[]EndpointSlice) @protobuf(2,bytes,rep)
}

20
timoni/podinfo/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue Normal file
View File

@@ -0,0 +1,20 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/discovery/v1
package v1
// LabelServiceName is used to indicate the name of a Kubernetes service.
#LabelServiceName: "kubernetes.io/service-name"
// LabelManagedBy is used to indicate the controller or entity that manages
// an EndpointSlice. This label aims to enable different EndpointSlice
// objects to be managed by different controllers or entities within the
// same cluster. It is highly recommended to configure this label for all
// EndpointSlices.
#LabelManagedBy: "endpointslice.kubernetes.io/managed-by"
// LabelSkipMirror can be set to true on an Endpoints resource to indicate
// that the EndpointSliceMirroring controller should not mirror this
// resource with EndpointSlices.
#LabelSkipMirror: "endpointslice.kubernetes.io/skip-mirror"

7
timoni/podinfo/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/events/v1
package v1
#GroupName: "events.k8s.io"

111
timoni/podinfo/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,111 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/events/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
corev1 "k8s.io/api/core/v1"
)
// Event is a report of an event somewhere in the cluster. It generally denotes some state change in the system.
// Events have a limited retention time and triggers and messages may evolve
// with time. Event consumers should not rely on the timing of an event
// with a given Reason reflecting a consistent underlying trigger, or the
// continued existence of events with that Reason. Events should be
// treated as informative, best-effort, supplemental data.
#Event: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// eventTime is the time when this Event was first observed. It is required.
eventTime: metav1.#MicroTime @go(EventTime) @protobuf(2,bytes,opt)
// series is data about the Event series this event represents or nil if it's a singleton Event.
// +optional
series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(3,bytes,opt)
// reportingController is the name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`.
// This field cannot be empty for new Events.
reportingController?: string @go(ReportingController) @protobuf(4,bytes,opt)
// reportingInstance is the ID of the controller instance, e.g. `kubelet-xyzf`.
// This field cannot be empty for new Events and it can have at most 128 characters.
reportingInstance?: string @go(ReportingInstance) @protobuf(5,bytes,opt)
// action is what action was taken/failed regarding to the regarding object. It is machine-readable.
// This field cannot be empty for new Events and it can have at most 128 characters.
action?: string @go(Action) @protobuf(6,bytes)
// reason is why the action was taken. It is human-readable.
// This field cannot be empty for new Events and it can have at most 128 characters.
reason?: string @go(Reason) @protobuf(7,bytes)
// regarding contains the object this Event is about. In most cases it's an Object reporting controller
// implements, e.g. ReplicaSetController implements ReplicaSets and this event is emitted because
// it acts on some changes in a ReplicaSet object.
// +optional
regarding?: corev1.#ObjectReference @go(Regarding) @protobuf(8,bytes,opt)
// related is the optional secondary object for more complex actions. E.g. when regarding object triggers
// a creation or deletion of related object.
// +optional
related?: null | corev1.#ObjectReference @go(Related,*corev1.ObjectReference) @protobuf(9,bytes,opt)
// note is a human-readable description of the status of this operation.
// Maximal length of the note is 1kB, but libraries should be prepared to
// handle values up to 64kB.
// +optional
note?: string @go(Note) @protobuf(10,bytes,opt)
// type is the type of this event (Normal, Warning), new types could be added in the future.
// It is machine-readable.
// This field cannot be empty for new Events.
type?: string @go(Type) @protobuf(11,bytes,opt)
// deprecatedSource is the deprecated field assuring backward compatibility with core.v1 Event type.
// +optional
deprecatedSource?: corev1.#EventSource @go(DeprecatedSource) @protobuf(12,bytes,opt)
// deprecatedFirstTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type.
// +optional
deprecatedFirstTimestamp?: metav1.#Time @go(DeprecatedFirstTimestamp) @protobuf(13,bytes,opt)
// deprecatedLastTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type.
// +optional
deprecatedLastTimestamp?: metav1.#Time @go(DeprecatedLastTimestamp) @protobuf(14,bytes,opt)
// deprecatedCount is the deprecated field assuring backward compatibility with core.v1 Event type.
// +optional
deprecatedCount?: int32 @go(DeprecatedCount) @protobuf(15,varint,opt)
}
// EventSeries contain information on series of events, i.e. thing that was/is happening
// continuously for some time. How often to update the EventSeries is up to the event reporters.
// The default event reporter in "k8s.io/client-go/tools/events/event_broadcaster.go" shows
// how this struct is updated on heartbeats and can guide customized reporter implementations.
#EventSeries: {
// count is the number of occurrences in this series up to the last heartbeat time.
count: int32 @go(Count) @protobuf(1,varint,opt)
// lastObservedTime is the time when last Event from the series was seen before last heartbeat.
lastObservedTime: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes,opt)
}
// EventList is a list of Event objects.
#EventList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is a list of schema objects.
items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep)
}

7
timoni/podinfo/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/networking/v1
package v1
#GroupName: "networking.k8s.io"

588
timoni/podinfo/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,588 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/networking/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/util/intstr"
)
// NetworkPolicy describes what network traffic is allowed for a set of Pods
#NetworkPolicy: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// spec represents the specification of the desired behavior for this NetworkPolicy.
// +optional
spec?: #NetworkPolicySpec @go(Spec) @protobuf(2,bytes,opt)
}
// PolicyType string describes the NetworkPolicy type
// This type is beta-level in 1.8
// +enum
#PolicyType: string // #enumPolicyType
#enumPolicyType:
#PolicyTypeIngress |
#PolicyTypeEgress
// PolicyTypeIngress is a NetworkPolicy that affects ingress traffic on selected pods
#PolicyTypeIngress: #PolicyType & "Ingress"
// PolicyTypeEgress is a NetworkPolicy that affects egress traffic on selected pods
#PolicyTypeEgress: #PolicyType & "Egress"
// NetworkPolicySpec provides the specification of a NetworkPolicy
#NetworkPolicySpec: {
// podSelector selects the pods to which this NetworkPolicy object applies.
// The array of ingress rules is applied to any pods selected by this field.
// Multiple network policies can select the same set of pods. In this case,
// the ingress rules for each are combined additively.
// This field is NOT optional and follows standard label selector semantics.
// An empty podSelector matches all pods in this namespace.
podSelector: metav1.#LabelSelector @go(PodSelector) @protobuf(1,bytes,opt)
// ingress is a list of ingress rules to be applied to the selected pods.
// Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod
// (and cluster policy otherwise allows the traffic), OR if the traffic source is
// the pod's local node, OR if the traffic matches at least one ingress rule
// across all of the NetworkPolicy objects whose podSelector matches the pod. If
// this field is empty then this NetworkPolicy does not allow any traffic (and serves
// solely to ensure that the pods it selects are isolated by default)
// +optional
ingress?: [...#NetworkPolicyIngressRule] @go(Ingress,[]NetworkPolicyIngressRule) @protobuf(2,bytes,rep)
// egress is a list of egress rules to be applied to the selected pods. Outgoing traffic
// is allowed if there are no NetworkPolicies selecting the pod (and cluster policy
// otherwise allows the traffic), OR if the traffic matches at least one egress rule
// across all of the NetworkPolicy objects whose podSelector matches the pod. If
// this field is empty then this NetworkPolicy limits all outgoing traffic (and serves
// solely to ensure that the pods it selects are isolated by default).
// This field is beta-level in 1.8
// +optional
egress?: [...#NetworkPolicyEgressRule] @go(Egress,[]NetworkPolicyEgressRule) @protobuf(3,bytes,rep)
// policyTypes is a list of rule types that the NetworkPolicy relates to.
// Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"].
// If this field is not specified, it will default based on the existence of ingress or egress rules;
// policies that contain an egress section are assumed to affect egress, and all policies
// (whether or not they contain an ingress section) are assumed to affect ingress.
// If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ].
// Likewise, if you want to write a policy that specifies that no egress is allowed,
// you must specify a policyTypes value that include "Egress" (since such a policy would not include
// an egress section and would otherwise default to just [ "Ingress" ]).
// This field is beta-level in 1.8
// +optional
policyTypes?: [...#PolicyType] @go(PolicyTypes,[]PolicyType) @protobuf(4,bytes,rep,casttype=PolicyType)
}
// NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods
// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from.
#NetworkPolicyIngressRule: {
// ports is a list of ports which should be made accessible on the pods selected for
// this rule. Each item in this list is combined using a logical OR. If this field is
// empty or missing, this rule matches all ports (traffic not restricted by port).
// If this field is present and contains at least one item, then this rule allows
// traffic only if the traffic matches at least one port in the list.
// +optional
ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep)
// from is a list of sources which should be able to access the pods selected for this rule.
// Items in this list are combined using a logical OR operation. If this field is
// empty or missing, this rule matches all sources (traffic not restricted by
// source). If this field is present and contains at least one item, this rule
// allows traffic only if the traffic matches at least one item in the from list.
// +optional
from?: [...#NetworkPolicyPeer] @go(From,[]NetworkPolicyPeer) @protobuf(2,bytes,rep)
}
// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to.
// This type is beta-level in 1.8
#NetworkPolicyEgressRule: {
// ports is a list of destination ports for outgoing traffic.
// Each item in this list is combined using a logical OR. If this field is
// empty or missing, this rule matches all ports (traffic not restricted by port).
// If this field is present and contains at least one item, then this rule allows
// traffic only if the traffic matches at least one port in the list.
// +optional
ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep)
// to is a list of destinations for outgoing traffic of pods selected for this rule.
// Items in this list are combined using a logical OR operation. If this field is
// empty or missing, this rule matches all destinations (traffic not restricted by
// destination). If this field is present and contains at least one item, this rule
// allows traffic only if the traffic matches at least one item in the to list.
// +optional
to?: [...#NetworkPolicyPeer] @go(To,[]NetworkPolicyPeer) @protobuf(2,bytes,rep)
}
// NetworkPolicyPort describes a port to allow traffic on
#NetworkPolicyPort: {
// protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.
// If not specified, this field defaults to TCP.
// +optional
protocol?: null | v1.#Protocol @go(Protocol,*v1.Protocol) @protobuf(1,bytes,opt,casttype=k8s.io/api/core/v1.Protocol)
// port represents the port on the given protocol. This can either be a numerical or named
// port on a pod. If this field is not provided, this matches all port names and
// numbers.
// If present, only traffic on the specified protocol AND port will be matched.
// +optional
port?: null | intstr.#IntOrString @go(Port,*intstr.IntOrString) @protobuf(2,bytes,opt)
// endPort indicates that the range of ports from port to endPort if set, inclusive,
// should be allowed by the policy. This field cannot be defined if the port field
// is not defined or if the port field is defined as a named (string) port.
// The endPort must be equal or greater than port.
// +optional
endPort?: null | int32 @go(EndPort,*int32) @protobuf(3,bytes,opt)
}
// IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed
// to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs
// that should not be included within this rule.
#IPBlock: {
// cidr is a string representing the IPBlock
// Valid examples are "192.168.1.0/24" or "2001:db8::/64"
cidr: string @go(CIDR) @protobuf(1,bytes)
// except is a slice of CIDRs that should not be included within an IPBlock
// Valid examples are "192.168.1.0/24" or "2001:db8::/64"
// Except values will be rejected if they are outside the cidr range
// +optional
except?: [...string] @go(Except,[]string) @protobuf(2,bytes,rep)
}
// NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of
// fields are allowed
#NetworkPolicyPeer: {
// podSelector is a label selector which selects pods. This field follows standard label
// selector semantics; if present but empty, it selects all pods.
//
// If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects
// the pods matching podSelector in the Namespaces selected by NamespaceSelector.
// Otherwise it selects the pods matching podSelector in the policy's own namespace.
// +optional
podSelector?: null | metav1.#LabelSelector @go(PodSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt)
// namespaceSelector selects namespaces using cluster-scoped labels. This field follows
// standard label selector semantics; if present but empty, it selects all namespaces.
//
// If podSelector is also set, then the NetworkPolicyPeer as a whole selects
// the pods matching podSelector in the namespaces selected by namespaceSelector.
// Otherwise it selects all pods in the namespaces selected by namespaceSelector.
// +optional
namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// ipBlock defines policy on a particular IPBlock. If this field is set then
// neither of the other fields can be.
// +optional
ipBlock?: null | #IPBlock @go(IPBlock,*IPBlock) @protobuf(3,bytes,rep)
}
// NetworkPolicyList is a list of NetworkPolicy objects.
#NetworkPolicyList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is a list of schema objects.
items: [...#NetworkPolicy] @go(Items,[]NetworkPolicy) @protobuf(2,bytes,rep)
}
// Ingress is a collection of rules that allow inbound connections to reach the
// endpoints defined by a backend. An Ingress can be configured to give services
// externally-reachable urls, load balance traffic, terminate SSL, offer name
// based virtual hosting etc.
#Ingress: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// spec is the desired state of the Ingress.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
spec?: #IngressSpec @go(Spec) @protobuf(2,bytes,opt)
// status is the current state of the Ingress.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
status?: #IngressStatus @go(Status) @protobuf(3,bytes,opt)
}
// IngressList is a collection of Ingress.
#IngressList: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is the list of Ingress.
items: [...#Ingress] @go(Items,[]Ingress) @protobuf(2,bytes,rep)
}
// IngressSpec describes the Ingress the user wishes to exist.
#IngressSpec: {
// ingressClassName is the name of an IngressClass cluster resource. Ingress
// controller implementations use this field to know whether they should be
// serving this Ingress resource, by a transitive connection
// (controller -> IngressClass -> Ingress resource). Although the
// `kubernetes.io/ingress.class` annotation (simple constant name) was never
// formally defined, it was widely supported by Ingress controllers to create
// a direct binding between Ingress controller and Ingress resources. Newly
// created Ingress resources should prefer using the field. However, even
// though the annotation is officially deprecated, for backwards compatibility
// reasons, ingress controllers should still honor that annotation if present.
// +optional
ingressClassName?: null | string @go(IngressClassName,*string) @protobuf(4,bytes,opt)
// defaultBackend is the backend that should handle requests that don't
// match any rule. If Rules are not specified, DefaultBackend must be specified.
// If DefaultBackend is not set, the handling of requests that do not match any
// of the rules will be up to the Ingress controller.
// +optional
defaultBackend?: null | #IngressBackend @go(DefaultBackend,*IngressBackend) @protobuf(1,bytes,opt)
// tls represents the TLS configuration. Currently the Ingress only supports a
// single TLS port, 443. If multiple members of this list specify different hosts,
// they will be multiplexed on the same port according to the hostname specified
// through the SNI TLS extension, if the ingress controller fulfilling the
// ingress supports SNI.
// +listType=atomic
// +optional
tls?: [...#IngressTLS] @go(TLS,[]IngressTLS) @protobuf(2,bytes,rep)
// rules is a list of host rules used to configure the Ingress. If unspecified,
// or no rule matches, all traffic is sent to the default backend.
// +listType=atomic
// +optional
rules?: [...#IngressRule] @go(Rules,[]IngressRule) @protobuf(3,bytes,rep)
}
// IngressTLS describes the transport layer security associated with an ingress.
#IngressTLS: {
// hosts is a list of hosts included in the TLS certificate. The values in
// this list must match the name/s used in the tlsSecret. Defaults to the
// wildcard host setting for the loadbalancer controller fulfilling this
// Ingress, if left unspecified.
// +listType=atomic
// +optional
hosts?: [...string] @go(Hosts,[]string) @protobuf(1,bytes,rep)
// secretName is the name of the secret used to terminate TLS traffic on
// port 443. Field is left optional to allow TLS routing based on SNI
// hostname alone. If the SNI host in a listener conflicts with the "Host"
// header field used by an IngressRule, the SNI host is used for termination
// and value of the "Host" header is used for routing.
// +optional
secretName?: string @go(SecretName) @protobuf(2,bytes,opt)
}
// IngressStatus describe the current state of the Ingress.
#IngressStatus: {
// loadBalancer contains the current status of the load-balancer.
// +optional
loadBalancer?: #IngressLoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt)
}
// IngressLoadBalancerStatus represents the status of a load-balancer.
#IngressLoadBalancerStatus: {
// ingress is a list containing ingress points for the load-balancer.
// +optional
ingress?: [...#IngressLoadBalancerIngress] @go(Ingress,[]IngressLoadBalancerIngress) @protobuf(1,bytes,rep)
}
// IngressLoadBalancerIngress represents the status of a load-balancer ingress point.
#IngressLoadBalancerIngress: {
// ip is set for load-balancer ingress points that are IP based.
// +optional
ip?: string @go(IP) @protobuf(1,bytes,opt)
// hostname is set for load-balancer ingress points that are DNS based.
// +optional
hostname?: string @go(Hostname) @protobuf(2,bytes,opt)
// ports provides information about the ports exposed by this LoadBalancer.
// +listType=atomic
// +optional
ports?: [...#IngressPortStatus] @go(Ports,[]IngressPortStatus) @protobuf(4,bytes,rep)
}
// IngressPortStatus represents the error condition of a service port
#IngressPortStatus: {
// port is the port number of the ingress port.
port: int32 @go(Port) @protobuf(1,varint,opt)
// protocol is the protocol of the ingress port.
// The supported values are: "TCP", "UDP", "SCTP"
protocol: v1.#Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol)
// error is to record the problem with the service port
// The format of the error shall comply with the following rules:
// - built-in error values shall be specified in this file and those shall use
// CamelCase names
// - cloud provider specific error values must have names that comply with the
// format foo.example.com/CamelCase.
// ---
// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
// +optional
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
// +kubebuilder:validation:MaxLength=316
error?: null | string @go(Error,*string) @protobuf(3,bytes,opt)
}
// IngressRule represents the rules mapping the paths under a specified host to
// the related backend services. Incoming requests are first evaluated for a host
// match, then routed to the backend associated with the matching IngressRuleValue.
#IngressRule: {
// host is the fully qualified domain name of a network host, as defined by RFC 3986.
// Note the following deviations from the "host" part of the
// URI as defined in RFC 3986:
// 1. IPs are not allowed. Currently an IngressRuleValue can only apply to
// the IP in the Spec of the parent Ingress.
// 2. The `:` delimiter is not respected because ports are not allowed.
// Currently the port of an Ingress is implicitly :80 for http and
// :443 for https.
// Both these may change in the future.
// Incoming requests are matched against the host before the
// IngressRuleValue. If the host is unspecified, the Ingress routes all
// traffic based on the specified IngressRuleValue.
//
// host can be "precise" which is a domain name without the terminating dot of
// a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name
// prefixed with a single wildcard label (e.g. "*.foo.com").
// The wildcard character '*' must appear by itself as the first DNS label and
// matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*").
// Requests will be matched against the Host field in the following way:
// 1. If host is precise, the request matches this rule if the http host header is equal to Host.
// 2. If host is a wildcard, then the request matches this rule if the http host header
// is to equal to the suffix (removing the first label) of the wildcard rule.
// +optional
host?: string @go(Host) @protobuf(1,bytes,opt)
#IngressRuleValue
}
// IngressRuleValue represents a rule to apply against incoming requests. If the
// rule is satisfied, the request is routed to the specified backend. Currently
// mixing different types of rules in a single Ingress is disallowed, so exactly
// one of the following must be set.
#IngressRuleValue: {
// +optional
http?: null | #HTTPIngressRuleValue @go(HTTP,*HTTPIngressRuleValue) @protobuf(1,bytes,opt)
}
// HTTPIngressRuleValue is a list of http selectors pointing to backends.
// In the example: http://<host>/<path>?<searchpart> -> backend where
// where parts of the url correspond to RFC 3986, this resource will be used
// to match against everything after the last '/' and before the first '?'
// or '#'.
#HTTPIngressRuleValue: {
// paths is a collection of paths that map requests to backends.
// +listType=atomic
paths: [...#HTTPIngressPath] @go(Paths,[]HTTPIngressPath) @protobuf(1,bytes,rep)
}
// PathType represents the type of path referred to by a HTTPIngressPath.
// +enum
#PathType: string // #enumPathType
#enumPathType:
#PathTypeExact |
#PathTypePrefix |
#PathTypeImplementationSpecific
// PathTypeExact matches the URL path exactly and with case sensitivity.
#PathTypeExact: #PathType & "Exact"
// PathTypePrefix matches based on a URL path prefix split by '/'. Matching
// is case sensitive and done on a path element by element basis. A path
// element refers to the list of labels in the path split by the '/'
// separator. A request is a match for path p if every p is an element-wise
// prefix of p of the request path. Note that if the last element of the
// path is a substring of the last element in request path, it is not a
// match (e.g. /foo/bar matches /foo/bar/baz, but does not match
// /foo/barbaz). If multiple matching paths exist in an Ingress spec, the
// longest matching path is given priority.
// Examples:
// - /foo/bar does not match requests to /foo/barbaz
// - /foo/bar matches request to /foo/bar and /foo/bar/baz
// - /foo and /foo/ both match requests to /foo and /foo/. If both paths are
// present in an Ingress spec, the longest matching path (/foo/) is given
// priority.
#PathTypePrefix: #PathType & "Prefix"
// PathTypeImplementationSpecific matching is up to the IngressClass.
// Implementations can treat this as a separate PathType or treat it
// identically to Prefix or Exact path types.
#PathTypeImplementationSpecific: #PathType & "ImplementationSpecific"
// HTTPIngressPath associates a path with a backend. Incoming urls matching the
// path are forwarded to the backend.
#HTTPIngressPath: {
// path is matched against the path of an incoming request. Currently it can
// contain characters disallowed from the conventional "path" part of a URL
// as defined by RFC 3986. Paths must begin with a '/' and must be present
// when using PathType with value "Exact" or "Prefix".
// +optional
path?: string @go(Path) @protobuf(1,bytes,opt)
// pathType determines the interpretation of the path matching. PathType can
// be one of the following values:
// * Exact: Matches the URL path exactly.
// * Prefix: Matches based on a URL path prefix split by '/'. Matching is
// done on a path element by element basis. A path element refers is the
// list of labels in the path split by the '/' separator. A request is a
// match for path p if every p is an element-wise prefix of p of the
// request path. Note that if the last element of the path is a substring
// of the last element in request path, it is not a match (e.g. /foo/bar
// matches /foo/bar/baz, but does not match /foo/barbaz).
// * ImplementationSpecific: Interpretation of the Path matching is up to
// the IngressClass. Implementations can treat this as a separate PathType
// or treat it identically to Prefix or Exact path types.
// Implementations are required to support all path types.
pathType?: null | #PathType @go(PathType,*PathType) @protobuf(3,bytes,opt)
// backend defines the referenced service endpoint to which the traffic
// will be forwarded to.
backend: #IngressBackend @go(Backend) @protobuf(2,bytes,opt)
}
// IngressBackend describes all endpoints for a given service and port.
#IngressBackend: {
// service references a service as a backend.
// This is a mutually exclusive setting with "Resource".
// +optional
service?: null | #IngressServiceBackend @go(Service,*IngressServiceBackend) @protobuf(4,bytes,opt)
// resource is an ObjectRef to another Kubernetes resource in the namespace
// of the Ingress object. If resource is specified, a service.Name and
// service.Port must not be specified.
// This is a mutually exclusive setting with "Service".
// +optional
resource?: null | v1.#TypedLocalObjectReference @go(Resource,*v1.TypedLocalObjectReference) @protobuf(3,bytes,opt)
}
// IngressServiceBackend references a Kubernetes Service as a Backend.
#IngressServiceBackend: {
// name is the referenced service. The service must exist in
// the same namespace as the Ingress object.
name: string @go(Name) @protobuf(1,bytes,opt)
// port of the referenced service. A port name or port number
// is required for a IngressServiceBackend.
port?: #ServiceBackendPort @go(Port) @protobuf(2,bytes,opt)
}
// ServiceBackendPort is the service port being referenced.
#ServiceBackendPort: {
// name is the name of the port on the Service.
// This is a mutually exclusive setting with "Number".
// +optional
name?: string @go(Name) @protobuf(1,bytes,opt)
// number is the numerical port number (e.g. 80) on the Service.
// This is a mutually exclusive setting with "Name".
// +optional
number?: int32 @go(Number) @protobuf(2,bytes,opt)
}
// IngressClass represents the class of the Ingress, referenced by the Ingress
// Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be
// used to indicate that an IngressClass should be considered default. When a
// single IngressClass resource has this annotation set to true, new Ingress
// resources without a class specified will be assigned this default class.
#IngressClass: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// spec is the desired state of the IngressClass.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
spec?: #IngressClassSpec @go(Spec) @protobuf(2,bytes,opt)
}
// IngressClassSpec provides information about the class of an Ingress.
#IngressClassSpec: {
// controller refers to the name of the controller that should handle this
// class. This allows for different "flavors" that are controlled by the
// same controller. For example, you may have different parameters for the
// same implementing controller. This should be specified as a
// domain-prefixed path no more than 250 characters in length, e.g.
// "acme.io/ingress-controller". This field is immutable.
controller?: string @go(Controller) @protobuf(1,bytes,opt)
// parameters is a link to a custom resource containing additional
// configuration for the controller. This is optional if the controller does
// not require extra parameters.
// +optional
parameters?: null | #IngressClassParametersReference @go(Parameters,*IngressClassParametersReference) @protobuf(2,bytes,opt)
}
// IngressClassParametersReferenceScopeNamespace indicates that the
// referenced Parameters resource is namespace-scoped.
#IngressClassParametersReferenceScopeNamespace: "Namespace"
// IngressClassParametersReferenceScopeCluster indicates that the
// referenced Parameters resource is cluster-scoped.
#IngressClassParametersReferenceScopeCluster: "Cluster"
// IngressClassParametersReference identifies an API object. This can be used
// to specify a cluster or namespace-scoped resource.
#IngressClassParametersReference: {
// apiGroup is the group for the resource being referenced. If APIGroup is
// not specified, the specified Kind must be in the core API group. For any
// other third-party types, APIGroup is required.
// +optional
apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt,name=aPIGroup)
// kind is the type of resource being referenced.
kind: string @go(Kind) @protobuf(2,bytes,opt)
// name is the name of resource being referenced.
name: string @go(Name) @protobuf(3,bytes,opt)
// scope represents if this refers to a cluster or namespace scoped resource.
// This may be set to "Cluster" (default) or "Namespace".
// +optional
scope?: null | string @go(Scope,*string) @protobuf(4,bytes,opt)
// namespace is the namespace of the resource being referenced. This field is
// required when scope is set to "Namespace" and must be unset when scope is set to
// "Cluster".
// +optional
namespace?: null | string @go(Namespace,*string) @protobuf(5,bytes,opt)
}
// IngressClassList is a collection of IngressClasses.
#IngressClassList: {
metav1.#TypeMeta
// Standard list metadata.
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is the list of IngressClasses.
items: [...#IngressClass] @go(Items,[]IngressClass) @protobuf(2,bytes,rep)
}

11
timoni/podinfo/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue Normal file
View File

@@ -0,0 +1,11 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/networking/v1
package v1
// AnnotationIsDefaultIngressClass can be used to indicate that an
// IngressClass should be considered default. When a single IngressClass
// resource has this annotation set to true, new Ingress resources without a
// class specified will be assigned this default class.
#AnnotationIsDefaultIngressClass: "ingressclass.kubernetes.io/is-default-class"

7
timoni/podinfo/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/node/v1
package v1
#GroupName: "node.k8s.io"

90
timoni/podinfo/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,90 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/node/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
corev1 "k8s.io/api/core/v1"
)
// RuntimeClass defines a class of container runtime supported in the cluster.
// The RuntimeClass is used to determine which container runtime is used to run
// all containers in a pod. RuntimeClasses are manually defined by a
// user or cluster provisioner, and referenced in the PodSpec. The Kubelet is
// responsible for resolving the RuntimeClassName reference before running the
// pod. For more details, see
// https://kubernetes.io/docs/concepts/containers/runtime-class/
#RuntimeClass: {
metav1.#TypeMeta
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// handler specifies the underlying runtime and configuration that the CRI
// implementation will use to handle pods of this class. The possible values
// are specific to the node & CRI configuration. It is assumed that all
// handlers are available on every node, and handlers of the same name are
// equivalent on every node.
// For example, a handler called "runc" might specify that the runc OCI
// runtime (using native Linux containers) will be used to run the containers
// in a pod.
// The Handler must be lowercase, conform to the DNS Label (RFC 1123) requirements,
// and is immutable.
handler: string @go(Handler) @protobuf(2,bytes,opt)
// overhead represents the resource overhead associated with running a pod for a
// given RuntimeClass. For more details, see
// https://kubernetes.io/docs/concepts/scheduling-eviction/pod-overhead/
// +optional
overhead?: null | #Overhead @go(Overhead,*Overhead) @protobuf(3,bytes,opt)
// scheduling holds the scheduling constraints to ensure that pods running
// with this RuntimeClass are scheduled to nodes that support it.
// If scheduling is nil, this RuntimeClass is assumed to be supported by all
// nodes.
// +optional
scheduling?: null | #Scheduling @go(Scheduling,*Scheduling) @protobuf(4,bytes,opt)
}
// Overhead structure represents the resource overhead associated with running a pod.
#Overhead: {
// podFixed represents the fixed resource overhead associated with running a pod.
// +optional
podFixed?: corev1.#ResourceList @go(PodFixed) @protobuf(1,bytes,opt,casttype=k8s.io/api/core/v1.ResourceList,castkey=k8s.io/api/core/v1.ResourceName,castvalue=k8s.io/apimachinery/pkg/api/resource.Quantity)
}
// Scheduling specifies the scheduling constraints for nodes supporting a
// RuntimeClass.
#Scheduling: {
// nodeSelector lists labels that must be present on nodes that support this
// RuntimeClass. Pods using this RuntimeClass can only be scheduled to a
// node matched by this selector. The RuntimeClass nodeSelector is merged
// with a pod's existing nodeSelector. Any conflicts will cause the pod to
// be rejected in admission.
// +optional
// +mapType=atomic
nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(1,bytes,opt)
// tolerations are appended (excluding duplicates) to pods running with this
// RuntimeClass during admission, effectively unioning the set of nodes
// tolerated by the pod and the RuntimeClass.
// +optional
// +listType=atomic
tolerations?: [...corev1.#Toleration] @go(Tolerations,[]corev1.Toleration) @protobuf(2,bytes,rep)
}
// RuntimeClassList is a list of RuntimeClass objects.
#RuntimeClassList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is a list of schema objects.
items: [...#RuntimeClass] @go(Items,[]RuntimeClass) @protobuf(2,bytes,rep)
}

8
timoni/podinfo/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue Normal file
View File

@@ -0,0 +1,8 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/policy/v1
// Package policy is for any kind of policy object. Suitable examples, even if
// they aren't all here, are PodDisruptionBudget, PodSecurityPolicy,
// NetworkPolicy, etc.
package v1

7
timoni/podinfo/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/policy/v1
package v1
#GroupName: "policy"

204
timoni/podinfo/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,204 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/policy/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
)
#DisruptionBudgetCause: metav1.#CauseType & "DisruptionBudget"
// PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
#PodDisruptionBudgetSpec: {
// An eviction is allowed if at least "minAvailable" pods selected by
// "selector" will still be available after the eviction, i.e. even in the
// absence of the evicted pod. So for example you can prevent all voluntary
// evictions by specifying "100%".
// +optional
minAvailable?: null | intstr.#IntOrString @go(MinAvailable,*intstr.IntOrString) @protobuf(1,bytes,opt)
// Label query over pods whose evictions are managed by the disruption
// budget.
// A null selector will match no pods, while an empty ({}) selector will select
// all pods within the namespace.
// +patchStrategy=replace
// +optional
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// An eviction is allowed if at most "maxUnavailable" pods selected by
// "selector" are unavailable after the eviction, i.e. even in absence of
// the evicted pod. For example, one can prevent all voluntary evictions
// by specifying 0. This is a mutually exclusive setting with "minAvailable".
// +optional
maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(3,bytes,opt)
// UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods
// should be considered for eviction. Current implementation considers healthy pods,
// as pods that have status.conditions item with type="Ready",status="True".
//
// Valid policies are IfHealthyBudget and AlwaysAllow.
// If no policy is specified, the default behavior will be used,
// which corresponds to the IfHealthyBudget policy.
//
// IfHealthyBudget policy means that running pods (status.phase="Running"),
// but not yet healthy can be evicted only if the guarded application is not
// disrupted (status.currentHealthy is at least equal to status.desiredHealthy).
// Healthy pods will be subject to the PDB for eviction.
//
// AlwaysAllow policy means that all running pods (status.phase="Running"),
// but not yet healthy are considered disrupted and can be evicted regardless
// of whether the criteria in a PDB is met. This means perspective running
// pods of a disrupted application might not get a chance to become healthy.
// Healthy pods will be subject to the PDB for eviction.
//
// Additional policies may be added in the future.
// Clients making eviction decisions should disallow eviction of unhealthy pods
// if they encounter an unrecognized policy in this field.
//
// This field is beta-level. The eviction API uses this field when
// the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default).
// +optional
unhealthyPodEvictionPolicy?: null | #UnhealthyPodEvictionPolicyType @go(UnhealthyPodEvictionPolicy,*UnhealthyPodEvictionPolicyType) @protobuf(4,bytes,opt)
}
// UnhealthyPodEvictionPolicyType defines the criteria for when unhealthy pods
// should be considered for eviction.
// +enum
#UnhealthyPodEvictionPolicyType: string // #enumUnhealthyPodEvictionPolicyType
#enumUnhealthyPodEvictionPolicyType:
#IfHealthyBudget |
#AlwaysAllow
// IfHealthyBudget policy means that running pods (status.phase="Running"),
// but not yet healthy can be evicted only if the guarded application is not
// disrupted (status.currentHealthy is at least equal to status.desiredHealthy).
// Healthy pods will be subject to the PDB for eviction.
#IfHealthyBudget: #UnhealthyPodEvictionPolicyType & "IfHealthyBudget"
// AlwaysAllow policy means that all running pods (status.phase="Running"),
// but not yet healthy are considered disrupted and can be evicted regardless
// of whether the criteria in a PDB is met. This means perspective running
// pods of a disrupted application might not get a chance to become healthy.
// Healthy pods will be subject to the PDB for eviction.
#AlwaysAllow: #UnhealthyPodEvictionPolicyType & "AlwaysAllow"
// PodDisruptionBudgetStatus represents information about the status of a
// PodDisruptionBudget. Status may trail the actual state of a system.
#PodDisruptionBudgetStatus: {
// Most recent generation observed when updating this PDB status. DisruptionsAllowed and other
// status information is valid only if observedGeneration equals to PDB's object generation.
// +optional
observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt)
// DisruptedPods contains information about pods whose eviction was
// processed by the API server eviction subresource handler but has not
// yet been observed by the PodDisruptionBudget controller.
// A pod will be in this map from the time when the API server processed the
// eviction request to the time when the pod is seen by PDB controller
// as having been marked for deletion (or after a timeout). The key in the map is the name of the pod
// and the value is the time when the API server processed the eviction request. If
// the deletion didn't occur and a pod is still there it will be removed from
// the list automatically by PodDisruptionBudget controller after some time.
// If everything goes smooth this map should be empty for the most of the time.
// Large number of entries in the map may indicate problems with pod deletions.
// +optional
disruptedPods?: {[string]: metav1.#Time} @go(DisruptedPods,map[string]metav1.Time) @protobuf(2,bytes,rep)
// Number of pod disruptions that are currently allowed.
disruptionsAllowed: int32 @go(DisruptionsAllowed) @protobuf(3,varint,opt)
// current number of healthy pods
currentHealthy: int32 @go(CurrentHealthy) @protobuf(4,varint,opt)
// minimum desired number of healthy pods
desiredHealthy: int32 @go(DesiredHealthy) @protobuf(5,varint,opt)
// total number of pods counted by this disruption budget
expectedPods: int32 @go(ExpectedPods) @protobuf(6,varint,opt)
// Conditions contain conditions for PDB. The disruption controller sets the
// DisruptionAllowed condition. The following are known values for the reason field
// (additional reasons could be added in the future):
// - SyncFailed: The controller encountered an error and wasn't able to compute
// the number of allowed disruptions. Therefore no disruptions are
// allowed and the status of the condition will be False.
// - InsufficientPods: The number of pods are either at or below the number
// required by the PodDisruptionBudget. No disruptions are
// allowed and the status of the condition will be False.
// - SufficientPods: There are more pods than required by the PodDisruptionBudget.
// The condition will be True, and the number of allowed
// disruptions are provided by the disruptionsAllowed property.
//
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
// +listType=map
// +listMapKey=type
conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(7,bytes,rep)
}
// DisruptionAllowedCondition is a condition set by the disruption controller
// that signal whether any of the pods covered by the PDB can be disrupted.
#DisruptionAllowedCondition: "DisruptionAllowed"
// SyncFailedReason is set on the DisruptionAllowed condition if reconcile
// of the PDB failed and therefore disruption of pods are not allowed.
#SyncFailedReason: "SyncFailed"
// SufficientPodsReason is set on the DisruptionAllowed condition if there are
// more pods covered by the PDB than required and at least one can be disrupted.
#SufficientPodsReason: "SufficientPods"
// InsufficientPodsReason is set on the DisruptionAllowed condition if the number
// of pods are equal to or fewer than required by the PDB.
#InsufficientPodsReason: "InsufficientPods"
// PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods
#PodDisruptionBudget: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Specification of the desired behavior of the PodDisruptionBudget.
// +optional
spec?: #PodDisruptionBudgetSpec @go(Spec) @protobuf(2,bytes,opt)
// Most recently observed status of the PodDisruptionBudget.
// +optional
status?: #PodDisruptionBudgetStatus @go(Status) @protobuf(3,bytes,opt)
}
// PodDisruptionBudgetList is a collection of PodDisruptionBudgets.
#PodDisruptionBudgetList: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is a list of PodDisruptionBudgets
items: [...#PodDisruptionBudget] @go(Items,[]PodDisruptionBudget) @protobuf(2,bytes,rep)
}
// Eviction evicts a pod from its node subject to certain policies and safety constraints.
// This is a subresource of Pod. A request to cause such an eviction is
// created by POSTing to .../pods/<pod name>/evictions.
#Eviction: {
metav1.#TypeMeta
// ObjectMeta describes the pod that is being evicted.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// DeleteOptions may be provided
// +optional
deleteOptions?: null | metav1.#DeleteOptions @go(DeleteOptions,*metav1.DeleteOptions) @protobuf(2,bytes,opt)
}

7
timoni/podinfo/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/rbac/v1
package v1
#GroupName: "rbac.authorization.k8s.io"

207
timoni/podinfo/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,207 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/rbac/v1
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
#APIGroupAll: "*"
#ResourceAll: "*"
#VerbAll: "*"
#NonResourceAll: "*"
#GroupKind: "Group"
#ServiceAccountKind: "ServiceAccount"
#UserKind: "User"
// AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false"
#AutoUpdateAnnotationKey: "rbac.authorization.kubernetes.io/autoupdate"
// PolicyRule holds information that describes a policy rule, but does not contain information
// about who the rule applies to or which namespace the rule applies to.
#PolicyRule: {
// Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep)
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
// the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
// +optional
apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(2,bytes,rep)
// Resources is a list of resources this rule applies to. '*' represents all resources.
// +optional
resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep)
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
// +optional
resourceNames?: [...string] @go(ResourceNames,[]string) @protobuf(4,bytes,rep)
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
// +optional
nonResourceURLs?: [...string] @go(NonResourceURLs,[]string) @protobuf(5,bytes,rep)
}
// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
// or a value for non-objects such as user and group names.
// +structType=atomic
#Subject: {
// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
kind: string @go(Kind) @protobuf(1,bytes,opt)
// APIGroup holds the API group of the referenced subject.
// Defaults to "" for ServiceAccount subjects.
// Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
// +optional
apiGroup?: string @go(APIGroup) @protobuf(2,bytes,opt.name=apiGroup)
// Name of the object being referenced.
name: string @go(Name) @protobuf(3,bytes,opt)
// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
// the Authorizer should report an error.
// +optional
namespace?: string @go(Namespace) @protobuf(4,bytes,opt)
}
// RoleRef contains information that points to the role being used
// +structType=atomic
#RoleRef: {
// APIGroup is the group for the resource being referenced
apiGroup: string @go(APIGroup) @protobuf(1,bytes,opt)
// Kind is the type of resource being referenced
kind: string @go(Kind) @protobuf(2,bytes,opt)
// Name is the name of resource being referenced
name: string @go(Name) @protobuf(3,bytes,opt)
}
// Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.
#Role: {
metav1.#TypeMeta
// Standard object's metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Rules holds all the PolicyRules for this Role
// +optional
rules: [...#PolicyRule] @go(Rules,[]PolicyRule) @protobuf(2,bytes,rep)
}
// RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace.
// It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given
// namespace only have effect in that namespace.
#RoleBinding: {
metav1.#TypeMeta
// Standard object's metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Subjects holds references to the objects the role applies to.
// +optional
subjects?: [...#Subject] @go(Subjects,[]Subject) @protobuf(2,bytes,rep)
// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.
// This field is immutable.
roleRef: #RoleRef @go(RoleRef) @protobuf(3,bytes,opt)
}
// RoleBindingList is a collection of RoleBindings
#RoleBindingList: {
metav1.#TypeMeta
// Standard object's metadata.
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is a list of RoleBindings
items: [...#RoleBinding] @go(Items,[]RoleBinding) @protobuf(2,bytes,rep)
}
// RoleList is a collection of Roles
#RoleList: {
metav1.#TypeMeta
// Standard object's metadata.
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is a list of Roles
items: [...#Role] @go(Items,[]Role) @protobuf(2,bytes,rep)
}
// ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.
#ClusterRole: {
metav1.#TypeMeta
// Standard object's metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Rules holds all the PolicyRules for this ClusterRole
// +optional
rules: [...#PolicyRule] @go(Rules,[]PolicyRule) @protobuf(2,bytes,rep)
// AggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
// If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be
// stomped by the controller.
// +optional
aggregationRule?: null | #AggregationRule @go(AggregationRule,*AggregationRule) @protobuf(3,bytes,opt)
}
// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
#AggregationRule: {
// ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
// If any of the selectors match, then the ClusterRole's permissions will be added
// +optional
clusterRoleSelectors?: [...metav1.#LabelSelector] @go(ClusterRoleSelectors,[]metav1.LabelSelector) @protobuf(1,bytes,rep)
}
// ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace,
// and adds who information via Subject.
#ClusterRoleBinding: {
metav1.#TypeMeta
// Standard object's metadata.
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Subjects holds references to the objects the role applies to.
// +optional
subjects?: [...#Subject] @go(Subjects,[]Subject) @protobuf(2,bytes,rep)
// RoleRef can only reference a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.
// This field is immutable.
roleRef: #RoleRef @go(RoleRef) @protobuf(3,bytes,opt)
}
// ClusterRoleBindingList is a collection of ClusterRoleBindings
#ClusterRoleBindingList: {
metav1.#TypeMeta
// Standard object's metadata.
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is a list of ClusterRoleBindings
items: [...#ClusterRoleBinding] @go(Items,[]ClusterRoleBinding) @protobuf(2,bytes,rep)
}
// ClusterRoleList is a collection of ClusterRoles
#ClusterRoleList: {
metav1.#TypeMeta
// Standard object's metadata.
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is a list of ClusterRoles
items: [...#ClusterRole] @go(Items,[]ClusterRole) @protobuf(2,bytes,rep)
}

7
timoni/podinfo/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/scheduling/v1
package v1
#GroupName: "scheduling.k8s.io"

57
timoni/podinfo/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,57 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/scheduling/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
apiv1 "k8s.io/api/core/v1"
)
// PriorityClass defines mapping from a priority class name to the priority
// integer value. The value can be any valid integer.
#PriorityClass: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// value represents the integer value of this priority class. This is the actual priority that pods
// receive when they have the name of this class in their pod spec.
value: int32 @go(Value) @protobuf(2,bytes,opt)
// globalDefault specifies whether this PriorityClass should be considered as
// the default priority for pods that do not have any priority class.
// Only one PriorityClass can be marked as `globalDefault`. However, if more than
// one PriorityClasses exists with their `globalDefault` field set to true,
// the smallest value of such global default PriorityClasses will be used as the default priority.
// +optional
globalDefault?: bool @go(GlobalDefault) @protobuf(3,bytes,opt)
// description is an arbitrary string that usually provides guidelines on
// when this priority class should be used.
// +optional
description?: string @go(Description) @protobuf(4,bytes,opt)
// preemptionPolicy is the Policy for preempting pods with lower priority.
// One of Never, PreemptLowerPriority.
// Defaults to PreemptLowerPriority if unset.
// +optional
preemptionPolicy?: null | apiv1.#PreemptionPolicy @go(PreemptionPolicy,*apiv1.PreemptionPolicy) @protobuf(5,bytes,opt)
}
// PriorityClassList is a collection of priority classes.
#PriorityClassList: {
metav1.#TypeMeta
// Standard list metadata
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is the list of PriorityClasses
items: [...#PriorityClass] @go(Items,[]PriorityClass) @protobuf(2,bytes,rep)
}

7
timoni/podinfo/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/storage/v1
package v1
#GroupName: "storage.k8s.io"

652
timoni/podinfo/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,652 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/storage/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
)
// StorageClass describes the parameters for a class of storage for
// which PersistentVolumes can be dynamically provisioned.
//
// StorageClasses are non-namespaced; the name of the storage class
// according to etcd is in ObjectMeta.Name.
#StorageClass: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// provisioner indicates the type of the provisioner.
provisioner: string @go(Provisioner) @protobuf(2,bytes,opt)
// parameters holds the parameters for the provisioner that should
// create volumes of this storage class.
// +optional
parameters?: {[string]: string} @go(Parameters,map[string]string) @protobuf(3,bytes,rep)
// reclaimPolicy controls the reclaimPolicy for dynamically provisioned PersistentVolumes of this storage class.
// Defaults to Delete.
// +optional
reclaimPolicy?: null | v1.#PersistentVolumeReclaimPolicy @go(ReclaimPolicy,*v1.PersistentVolumeReclaimPolicy) @protobuf(4,bytes,opt,casttype=k8s.io/api/core/v1.PersistentVolumeReclaimPolicy)
// mountOptions controls the mountOptions for dynamically provisioned PersistentVolumes of this storage class.
// e.g. ["ro", "soft"]. Not validated -
// mount of the PVs will simply fail if one is invalid.
// +optional
mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(5,bytes,opt)
// allowVolumeExpansion shows whether the storage class allow volume expand.
// +optional
allowVolumeExpansion?: null | bool @go(AllowVolumeExpansion,*bool) @protobuf(6,varint,opt)
// volumeBindingMode indicates how PersistentVolumeClaims should be
// provisioned and bound. When unset, VolumeBindingImmediate is used.
// This field is only honored by servers that enable the VolumeScheduling feature.
// +optional
volumeBindingMode?: null | #VolumeBindingMode @go(VolumeBindingMode,*VolumeBindingMode) @protobuf(7,bytes,opt)
// allowedTopologies restrict the node topologies where volumes can be dynamically provisioned.
// Each volume plugin defines its own supported topology specifications.
// An empty TopologySelectorTerm list means there is no topology restriction.
// This field is only honored by servers that enable the VolumeScheduling feature.
// +optional
// +listType=atomic
allowedTopologies?: [...v1.#TopologySelectorTerm] @go(AllowedTopologies,[]v1.TopologySelectorTerm) @protobuf(8,bytes,rep)
}
// StorageClassList is a collection of storage classes.
#StorageClassList: {
metav1.#TypeMeta
// Standard list metadata
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is the list of StorageClasses
items: [...#StorageClass] @go(Items,[]StorageClass) @protobuf(2,bytes,rep)
}
// VolumeBindingMode indicates how PersistentVolumeClaims should be bound.
// +enum
#VolumeBindingMode: string // #enumVolumeBindingMode
#enumVolumeBindingMode:
#VolumeBindingImmediate |
#VolumeBindingWaitForFirstConsumer
// VolumeBindingImmediate indicates that PersistentVolumeClaims should be
// immediately provisioned and bound. This is the default mode.
#VolumeBindingImmediate: #VolumeBindingMode & "Immediate"
// VolumeBindingWaitForFirstConsumer indicates that PersistentVolumeClaims
// should not be provisioned and bound until the first Pod is created that
// references the PeristentVolumeClaim. The volume provisioning and
// binding will occur during Pod scheduing.
#VolumeBindingWaitForFirstConsumer: #VolumeBindingMode & "WaitForFirstConsumer"
// VolumeAttachment captures the intent to attach or detach the specified volume
// to/from the specified node.
//
// VolumeAttachment objects are non-namespaced.
#VolumeAttachment: {
metav1.#TypeMeta
// Standard object metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// spec represents specification of the desired attach/detach volume behavior.
// Populated by the Kubernetes system.
spec: #VolumeAttachmentSpec @go(Spec) @protobuf(2,bytes,opt)
// status represents status of the VolumeAttachment request.
// Populated by the entity completing the attach or detach
// operation, i.e. the external-attacher.
// +optional
status?: #VolumeAttachmentStatus @go(Status) @protobuf(3,bytes,opt)
}
// VolumeAttachmentList is a collection of VolumeAttachment objects.
#VolumeAttachmentList: {
metav1.#TypeMeta
// Standard list metadata
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is the list of VolumeAttachments
items: [...#VolumeAttachment] @go(Items,[]VolumeAttachment) @protobuf(2,bytes,rep)
}
// VolumeAttachmentSpec is the specification of a VolumeAttachment request.
#VolumeAttachmentSpec: {
// attacher indicates the name of the volume driver that MUST handle this
// request. This is the name returned by GetPluginName().
attacher: string @go(Attacher) @protobuf(1,bytes,opt)
// source represents the volume that should be attached.
source: #VolumeAttachmentSource @go(Source) @protobuf(2,bytes,opt)
// nodeName represents the node that the volume should be attached to.
nodeName: string @go(NodeName) @protobuf(3,bytes,opt)
}
// VolumeAttachmentSource represents a volume that should be attached.
// Right now only PersistenVolumes can be attached via external attacher,
// in future we may allow also inline volumes in pods.
// Exactly one member can be set.
#VolumeAttachmentSource: {
// persistentVolumeName represents the name of the persistent volume to attach.
// +optional
persistentVolumeName?: null | string @go(PersistentVolumeName,*string) @protobuf(1,bytes,opt)
// inlineVolumeSpec contains all the information necessary to attach
// a persistent volume defined by a pod's inline VolumeSource. This field
// is populated only for the CSIMigration feature. It contains
// translated fields from a pod's inline VolumeSource to a
// PersistentVolumeSpec. This field is beta-level and is only
// honored by servers that enabled the CSIMigration feature.
// +optional
inlineVolumeSpec?: null | v1.#PersistentVolumeSpec @go(InlineVolumeSpec,*v1.PersistentVolumeSpec) @protobuf(2,bytes,opt)
}
// VolumeAttachmentStatus is the status of a VolumeAttachment request.
#VolumeAttachmentStatus: {
// attached indicates the volume is successfully attached.
// This field must only be set by the entity completing the attach
// operation, i.e. the external-attacher.
attached: bool @go(Attached) @protobuf(1,varint,opt)
// attachmentMetadata is populated with any
// information returned by the attach operation, upon successful attach, that must be passed
// into subsequent WaitForAttach or Mount calls.
// This field must only be set by the entity completing the attach
// operation, i.e. the external-attacher.
// +optional
attachmentMetadata?: {[string]: string} @go(AttachmentMetadata,map[string]string) @protobuf(2,bytes,rep)
// attachError represents the last error encountered during attach operation, if any.
// This field must only be set by the entity completing the attach
// operation, i.e. the external-attacher.
// +optional
attachError?: null | #VolumeError @go(AttachError,*VolumeError) @protobuf(3,bytes,opt,casttype=VolumeError)
// detachError represents the last error encountered during detach operation, if any.
// This field must only be set by the entity completing the detach
// operation, i.e. the external-attacher.
// +optional
detachError?: null | #VolumeError @go(DetachError,*VolumeError) @protobuf(4,bytes,opt,casttype=VolumeError)
}
// VolumeError captures an error encountered during a volume operation.
#VolumeError: {
// time represents the time the error was encountered.
// +optional
time?: metav1.#Time @go(Time) @protobuf(1,bytes,opt)
// message represents the error encountered during Attach or Detach operation.
// This string may be logged, so it should not contain sensitive
// information.
// +optional
message?: string @go(Message) @protobuf(2,bytes,opt)
}
// CSIDriver captures information about a Container Storage Interface (CSI)
// volume driver deployed on the cluster.
// Kubernetes attach detach controller uses this object to determine whether attach is required.
// Kubelet uses this object to determine whether pod information needs to be passed on mount.
// CSIDriver objects are non-namespaced.
#CSIDriver: {
metav1.#TypeMeta
// Standard object metadata.
// metadata.Name indicates the name of the CSI driver that this object
// refers to; it MUST be the same name returned by the CSI GetPluginName()
// call for that driver.
// The driver name must be 63 characters or less, beginning and ending with
// an alphanumeric character ([a-z0-9A-Z]) with dashes (-), dots (.), and
// alphanumerics between.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// spec represents the specification of the CSI Driver.
spec: #CSIDriverSpec @go(Spec) @protobuf(2,bytes,opt)
}
// CSIDriverList is a collection of CSIDriver objects.
#CSIDriverList: {
metav1.#TypeMeta
// Standard list metadata
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is the list of CSIDriver
items: [...#CSIDriver] @go(Items,[]CSIDriver) @protobuf(2,bytes,rep)
}
// CSIDriverSpec is the specification of a CSIDriver.
#CSIDriverSpec: {
// attachRequired indicates this CSI volume driver requires an attach
// operation (because it implements the CSI ControllerPublishVolume()
// method), and that the Kubernetes attach detach controller should call
// the attach volume interface which checks the volumeattachment status
// and waits until the volume is attached before proceeding to mounting.
// The CSI external-attacher coordinates with CSI volume driver and updates
// the volumeattachment status when the attach operation is complete.
// If the CSIDriverRegistry feature gate is enabled and the value is
// specified to false, the attach operation will be skipped.
// Otherwise the attach operation will be called.
//
// This field is immutable.
//
// +optional
attachRequired?: null | bool @go(AttachRequired,*bool) @protobuf(1,varint,opt)
// podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.)
// during mount operations, if set to true.
// If set to false, pod information will not be passed on mount.
// Default is false.
//
// The CSI driver specifies podInfoOnMount as part of driver deployment.
// If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls.
// The CSI driver is responsible for parsing and validating the information passed in as VolumeContext.
//
// The following VolumeConext will be passed if podInfoOnMount is set to true.
// This list might grow, but the prefix will be used.
// "csi.storage.k8s.io/pod.name": pod.Name
// "csi.storage.k8s.io/pod.namespace": pod.Namespace
// "csi.storage.k8s.io/pod.uid": string(pod.UID)
// "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume
// defined by a CSIVolumeSource, otherwise "false"
//
// "csi.storage.k8s.io/ephemeral" is a new feature in Kubernetes 1.16. It is only
// required for drivers which support both the "Persistent" and "Ephemeral" VolumeLifecycleMode.
// Other drivers can leave pod info disabled and/or ignore this field.
// As Kubernetes 1.15 doesn't support this field, drivers can only support one mode when
// deployed on such a cluster and the deployment determines which mode that is, for example
// via a command line parameter of the driver.
//
// This field is immutable.
//
// +optional
podInfoOnMount?: null | bool @go(PodInfoOnMount,*bool) @protobuf(2,bytes,opt)
// volumeLifecycleModes defines what kind of volumes this CSI volume driver supports.
// The default if the list is empty is "Persistent", which is the usage defined by the
// CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism.
//
// The other mode is "Ephemeral". In this mode, volumes are defined inline inside the pod spec
// with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod.
// A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume.
//
// For more information about implementing this mode, see
// https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html
// A driver can support one or more of these modes and more modes may be added in the future.
//
// This field is beta.
// This field is immutable.
//
// +optional
// +listType=set
volumeLifecycleModes?: [...#VolumeLifecycleMode] @go(VolumeLifecycleModes,[]VolumeLifecycleMode) @protobuf(3,bytes,opt)
// storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage
// capacity that the driver deployment will report by creating
// CSIStorageCapacity objects with capacity information, if set to true.
//
// The check can be enabled immediately when deploying a driver.
// In that case, provisioning new volumes with late binding
// will pause until the driver deployment has published
// some suitable CSIStorageCapacity object.
//
// Alternatively, the driver can be deployed with the field
// unset or false and it can be flipped later when storage
// capacity information has been published.
//
// This field was immutable in Kubernetes <= 1.22 and now is mutable.
//
// +optional
// +featureGate=CSIStorageCapacity
storageCapacity?: null | bool @go(StorageCapacity,*bool) @protobuf(4,bytes,opt)
// fsGroupPolicy defines if the underlying volume supports changing ownership and
// permission of the volume before being mounted.
// Refer to the specific FSGroupPolicy values for additional details.
//
// This field is immutable.
//
// Defaults to ReadWriteOnceWithFSType, which will examine each volume
// to determine if Kubernetes should modify ownership and permissions of the volume.
// With the default policy the defined fsGroup will only be applied
// if a fstype is defined and the volume's access mode contains ReadWriteOnce.
//
// +optional
fsGroupPolicy?: null | #FSGroupPolicy @go(FSGroupPolicy,*FSGroupPolicy) @protobuf(5,bytes,opt)
// tokenRequests indicates the CSI driver needs pods' service account
// tokens it is mounting volume for to do necessary authentication. Kubelet
// will pass the tokens in VolumeContext in the CSI NodePublishVolume calls.
// The CSI driver should parse and validate the following VolumeContext:
// "csi.storage.k8s.io/serviceAccount.tokens": {
// "<audience>": {
// "token": <token>,
// "expirationTimestamp": <expiration timestamp in RFC3339>,
// },
// ...
// }
//
// Note: Audience in each TokenRequest should be different and at
// most one token is empty string. To receive a new token after expiry,
// RequiresRepublish can be used to trigger NodePublishVolume periodically.
//
// +optional
// +listType=atomic
tokenRequests?: [...#TokenRequest] @go(TokenRequests,[]TokenRequest) @protobuf(6,bytes,opt)
// requiresRepublish indicates the CSI driver wants `NodePublishVolume`
// being periodically called to reflect any possible change in the mounted
// volume. This field defaults to false.
//
// Note: After a successful initial NodePublishVolume call, subsequent calls
// to NodePublishVolume should only update the contents of the volume. New
// mount points will not be seen by a running container.
//
// +optional
requiresRepublish?: null | bool @go(RequiresRepublish,*bool) @protobuf(7,varint,opt)
// seLinuxMount specifies if the CSI driver supports "-o context"
// mount option.
//
// When "true", the CSI driver must ensure that all volumes provided by this CSI
// driver can be mounted separately with different `-o context` options. This is
// typical for storage backends that provide volumes as filesystems on block
// devices or as independent shared volumes.
// Kubernetes will call NodeStage / NodePublish with "-o context=xyz" mount
// option when mounting a ReadWriteOncePod volume used in Pod that has
// explicitly set SELinux context. In the future, it may be expanded to other
// volume AccessModes. In any case, Kubernetes will ensure that the volume is
// mounted only with a single SELinux context.
//
// When "false", Kubernetes won't pass any special SELinux mount options to the driver.
// This is typical for volumes that represent subdirectories of a bigger shared filesystem.
//
// Default is "false".
//
// +featureGate=SELinuxMountReadWriteOncePod
// +optional
seLinuxMount?: null | bool @go(SELinuxMount,*bool) @protobuf(8,varint,opt)
}
// FSGroupPolicy specifies if a CSI Driver supports modifying
// volume ownership and permissions of the volume to be mounted.
// More modes may be added in the future.
#FSGroupPolicy: string // #enumFSGroupPolicy
#enumFSGroupPolicy:
#ReadWriteOnceWithFSTypeFSGroupPolicy |
#FileFSGroupPolicy |
#NoneFSGroupPolicy
// ReadWriteOnceWithFSTypeFSGroupPolicy indicates that each volume will be examined
// to determine if the volume ownership and permissions
// should be modified. If a fstype is defined and the volume's access mode
// contains ReadWriteOnce, then the defined fsGroup will be applied.
// This mode should be defined if it's expected that the
// fsGroup may need to be modified depending on the pod's SecurityPolicy.
// This is the default behavior if no other FSGroupPolicy is defined.
#ReadWriteOnceWithFSTypeFSGroupPolicy: #FSGroupPolicy & "ReadWriteOnceWithFSType"
// FileFSGroupPolicy indicates that CSI driver supports volume ownership
// and permission change via fsGroup, and Kubernetes will change the permissions
// and ownership of every file in the volume to match the user requested fsGroup in
// the pod's SecurityPolicy regardless of fstype or access mode.
// Use this mode if Kubernetes should modify the permissions and ownership
// of the volume.
#FileFSGroupPolicy: #FSGroupPolicy & "File"
// NoneFSGroupPolicy indicates that volumes will be mounted without performing
// any ownership or permission modifications, as the CSIDriver does not support
// these operations.
// This mode should be selected if the CSIDriver does not support fsGroup modifications,
// for example when Kubernetes cannot change ownership and permissions on a volume due
// to root-squash settings on a NFS volume.
#NoneFSGroupPolicy: #FSGroupPolicy & "None"
// VolumeLifecycleMode is an enumeration of possible usage modes for a volume
// provided by a CSI driver. More modes may be added in the future.
#VolumeLifecycleMode: string // #enumVolumeLifecycleMode
#enumVolumeLifecycleMode:
#VolumeLifecyclePersistent |
#VolumeLifecycleEphemeral
// TokenRequest contains parameters of a service account token.
#TokenRequest: {
// audience is the intended audience of the token in "TokenRequestSpec".
// It will default to the audiences of kube apiserver.
audience: string @go(Audience) @protobuf(1,bytes,opt)
// expirationSeconds is the duration of validity of the token in "TokenRequestSpec".
// It has the same default value of "ExpirationSeconds" in "TokenRequestSpec".
//
// +optional
expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt)
}
// VolumeLifecyclePersistent explicitly confirms that the driver implements
// the full CSI spec. It is the default when CSIDriverSpec.VolumeLifecycleModes is not
// set. Such volumes are managed in Kubernetes via the persistent volume
// claim mechanism and have a lifecycle that is independent of the pods which
// use them.
#VolumeLifecyclePersistent: #VolumeLifecycleMode & "Persistent"
// VolumeLifecycleEphemeral indicates that the driver can be used for
// ephemeral inline volumes. Such volumes are specified inside the pod
// spec with a CSIVolumeSource and, as far as Kubernetes is concerned, have
// a lifecycle that is tied to the lifecycle of the pod. For example, such
// a volume might contain data that gets created specifically for that pod,
// like secrets.
// But how the volume actually gets created and managed is entirely up to
// the driver. It might also use reference counting to share the same volume
// instance among different pods if the CSIVolumeSource of those pods is
// identical.
#VolumeLifecycleEphemeral: #VolumeLifecycleMode & "Ephemeral"
// CSINode holds information about all CSI drivers installed on a node.
// CSI drivers do not need to create the CSINode object directly. As long as
// they use the node-driver-registrar sidecar container, the kubelet will
// automatically populate the CSINode object for the CSI driver as part of
// kubelet plugin registration.
// CSINode has the same name as a node. If the object is missing, it means either
// there are no CSI Drivers available on the node, or the Kubelet version is low
// enough that it doesn't create this object.
// CSINode has an OwnerReference that points to the corresponding node object.
#CSINode: {
metav1.#TypeMeta
// Standard object's metadata.
// metadata.name must be the Kubernetes node name.
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// spec is the specification of CSINode
spec: #CSINodeSpec @go(Spec) @protobuf(2,bytes,opt)
}
// CSINodeSpec holds information about the specification of all CSI drivers installed on a node
#CSINodeSpec: {
// drivers is a list of information of all CSI Drivers existing on a node.
// If all drivers in the list are uninstalled, this can become empty.
// +patchMergeKey=name
// +patchStrategy=merge
drivers: [...#CSINodeDriver] @go(Drivers,[]CSINodeDriver) @protobuf(1,bytes,rep)
}
// CSINodeDriver holds information about the specification of one CSI driver installed on a node
#CSINodeDriver: {
// name represents the name of the CSI driver that this object refers to.
// This MUST be the same name returned by the CSI GetPluginName() call for
// that driver.
name: string @go(Name) @protobuf(1,bytes,opt)
// nodeID of the node from the driver point of view.
// This field enables Kubernetes to communicate with storage systems that do
// not share the same nomenclature for nodes. For example, Kubernetes may
// refer to a given node as "node1", but the storage system may refer to
// the same node as "nodeA". When Kubernetes issues a command to the storage
// system to attach a volume to a specific node, it can use this field to
// refer to the node name using the ID that the storage system will
// understand, e.g. "nodeA" instead of "node1". This field is required.
nodeID: string @go(NodeID) @protobuf(2,bytes,opt)
// topologyKeys is the list of keys supported by the driver.
// When a driver is initialized on a cluster, it provides a set of topology
// keys that it understands (e.g. "company.com/zone", "company.com/region").
// When a driver is initialized on a node, it provides the same topology keys
// along with values. Kubelet will expose these topology keys as labels
// on its own node object.
// When Kubernetes does topology aware provisioning, it can use this list to
// determine which labels it should retrieve from the node object and pass
// back to the driver.
// It is possible for different nodes to use different topology keys.
// This can be empty if driver does not support topology.
// +optional
topologyKeys: [...string] @go(TopologyKeys,[]string) @protobuf(3,bytes,rep)
// allocatable represents the volume resources of a node that are available for scheduling.
// This field is beta.
// +optional
allocatable?: null | #VolumeNodeResources @go(Allocatable,*VolumeNodeResources) @protobuf(4,bytes,opt)
}
// VolumeNodeResources is a set of resource limits for scheduling of volumes.
#VolumeNodeResources: {
// count indicates the maximum number of unique volumes managed by the CSI driver that can be used on a node.
// A volume that is both attached and mounted on a node is considered to be used once, not twice.
// The same rule applies for a unique volume that is shared among multiple pods on the same node.
// If this field is not specified, then the supported number of volumes on this node is unbounded.
// +optional
count?: null | int32 @go(Count,*int32) @protobuf(1,varint,opt)
}
// CSINodeList is a collection of CSINode objects.
#CSINodeList: {
metav1.#TypeMeta
// Standard list metadata
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is the list of CSINode
items: [...#CSINode] @go(Items,[]CSINode) @protobuf(2,bytes,rep)
}
// CSIStorageCapacity stores the result of one CSI GetCapacity call.
// For a given StorageClass, this describes the available capacity in a
// particular topology segment. This can be used when considering where to
// instantiate new PersistentVolumes.
//
// For example this can express things like:
// - StorageClass "standard" has "1234 GiB" available in "topology.kubernetes.io/zone=us-east1"
// - StorageClass "localssd" has "10 GiB" available in "kubernetes.io/hostname=knode-abc123"
//
// The following three cases all imply that no capacity is available for
// a certain combination:
// - no object exists with suitable topology and storage class name
// - such an object exists, but the capacity is unset
// - such an object exists, but the capacity is zero
//
// The producer of these objects can decide which approach is more suitable.
//
// They are consumed by the kube-scheduler when a CSI driver opts into
// capacity-aware scheduling with CSIDriverSpec.StorageCapacity. The scheduler
// compares the MaximumVolumeSize against the requested size of pending volumes
// to filter out unsuitable nodes. If MaximumVolumeSize is unset, it falls back
// to a comparison against the less precise Capacity. If that is also unset,
// the scheduler assumes that capacity is insufficient and tries some other
// node.
#CSIStorageCapacity: {
metav1.#TypeMeta
// Standard object's metadata.
// The name has no particular meaning. It must be a DNS subdomain (dots allowed, 253 characters).
// To ensure that there are no conflicts with other CSI drivers on the cluster,
// the recommendation is to use csisc-<uuid>, a generated name, or a reverse-domain name
// which ends with the unique CSI driver name.
//
// Objects are namespaced.
//
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// nodeTopology defines which nodes have access to the storage
// for which capacity was reported. If not set, the storage is
// not accessible from any node in the cluster. If empty, the
// storage is accessible from all nodes. This field is
// immutable.
//
// +optional
nodeTopology?: null | metav1.#LabelSelector @go(NodeTopology,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// storageClassName represents the name of the StorageClass that the reported capacity applies to.
// It must meet the same requirements as the name of a StorageClass
// object (non-empty, DNS subdomain). If that object no longer exists,
// the CSIStorageCapacity object is obsolete and should be removed by its
// creator.
// This field is immutable.
storageClassName: string @go(StorageClassName) @protobuf(3,bytes)
// capacity is the value reported by the CSI driver in its GetCapacityResponse
// for a GetCapacityRequest with topology and parameters that match the
// previous fields.
//
// The semantic is currently (CSI spec 1.2) defined as:
// The available capacity, in bytes, of the storage that can be used
// to provision volumes. If not set, that information is currently
// unavailable.
//
// +optional
capacity?: null | resource.#Quantity @go(Capacity,*resource.Quantity) @protobuf(4,bytes,opt)
// maximumVolumeSize is the value reported by the CSI driver in its GetCapacityResponse
// for a GetCapacityRequest with topology and parameters that match the
// previous fields.
//
// This is defined since CSI spec 1.4.0 as the largest size
// that may be used in a
// CreateVolumeRequest.capacity_range.required_bytes field to
// create a volume with the same parameters as those in
// GetCapacityRequest. The corresponding value in the Kubernetes
// API is ResourceRequirements.Requests in a volume claim.
//
// +optional
maximumVolumeSize?: null | resource.#Quantity @go(MaximumVolumeSize,*resource.Quantity) @protobuf(5,bytes,opt)
}
// CSIStorageCapacityList is a collection of CSIStorageCapacity objects.
#CSIStorageCapacityList: {
metav1.#TypeMeta
// Standard list metadata
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is the list of CSIStorageCapacity objects.
// +listType=map
// +listMapKey=name
items: [...#CSIStorageCapacity] @go(Items,[]CSIStorageCapacity) @protobuf(2,bytes,rep)
}

6
timoni/podinfo/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue Normal file
View File

@@ -0,0 +1,6 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
// Package v1 is the v1 version of the API.
package v1

7
timoni/podinfo/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
package v1
#GroupName: "apiextensions.k8s.io"

513
timoni/podinfo/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue Normal file
View File

@@ -0,0 +1,513 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/runtime"
)
// ConversionStrategyType describes different conversion types.
#ConversionStrategyType: string // #enumConversionStrategyType
#enumConversionStrategyType:
#NoneConverter |
#WebhookConverter
// KubeAPIApprovedAnnotation is an annotation that must be set to create a CRD for the k8s.io, *.k8s.io, kubernetes.io, or *.kubernetes.io namespaces.
// The value should be a link to a URL where the current spec was approved, so updates to the spec should also update the URL.
// If the API is unapproved, you may set the annotation to a string starting with `"unapproved"`. For instance, `"unapproved, temporarily squatting"` or `"unapproved, experimental-only"`. This is discouraged.
#KubeAPIApprovedAnnotation: "api-approved.kubernetes.io"
// NoneConverter is a converter that only sets apiversion of the CR and leave everything else unchanged.
#NoneConverter: #ConversionStrategyType & "None"
// WebhookConverter is a converter that calls to an external webhook to convert the CR.
#WebhookConverter: #ConversionStrategyType & "Webhook"
// CustomResourceDefinitionSpec describes how a user wants their resource to appear
#CustomResourceDefinitionSpec: {
// group is the API group of the defined custom resource.
// The custom resources are served under `/apis/<group>/...`.
// Must match the name of the CustomResourceDefinition (in the form `<names.plural>.<group>`).
group: string @go(Group) @protobuf(1,bytes,opt)
// names specify the resource and kind names for the custom resource.
names: #CustomResourceDefinitionNames @go(Names) @protobuf(3,bytes,opt)
// scope indicates whether the defined custom resource is cluster- or namespace-scoped.
// Allowed values are `Cluster` and `Namespaced`.
scope: #ResourceScope @go(Scope) @protobuf(4,bytes,opt,casttype=ResourceScope)
// versions is the list of all API versions of the defined custom resource.
// Version names are used to compute the order in which served versions are listed in API discovery.
// If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered
// lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version),
// then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first
// by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing
// major version, then minor version. An example sorted list of versions:
// v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.
versions: [...#CustomResourceDefinitionVersion] @go(Versions,[]CustomResourceDefinitionVersion) @protobuf(7,bytes,rep)
// conversion defines conversion settings for the CRD.
// +optional
conversion?: null | #CustomResourceConversion @go(Conversion,*CustomResourceConversion) @protobuf(9,bytes,opt)
// preserveUnknownFields indicates that object fields which are not specified
// in the OpenAPI schema should be preserved when persisting to storage.
// apiVersion, kind, metadata and known fields inside metadata are always preserved.
// This field is deprecated in favor of setting `x-preserve-unknown-fields` to true in `spec.versions[*].schema.openAPIV3Schema`.
// See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#field-pruning for details.
// +optional
preserveUnknownFields?: bool @go(PreserveUnknownFields) @protobuf(10,varint,opt)
}
// CustomResourceConversion describes how to convert different versions of a CR.
#CustomResourceConversion: {
// strategy specifies how custom resources are converted between versions. Allowed values are:
// - `"None"`: The converter only change the apiVersion and would not touch any other field in the custom resource.
// - `"Webhook"`: API Server will call to an external webhook to do the conversion. Additional information
// is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set.
strategy: #ConversionStrategyType @go(Strategy) @protobuf(1,bytes)
// webhook describes how to call the conversion webhook. Required when `strategy` is set to `"Webhook"`.
// +optional
webhook?: null | #WebhookConversion @go(Webhook,*WebhookConversion) @protobuf(2,bytes,opt)
}
// WebhookConversion describes how to call a conversion webhook
#WebhookConversion: {
// clientConfig is the instructions for how to call the webhook if strategy is `Webhook`.
// +optional
clientConfig?: null | #WebhookClientConfig @go(ClientConfig,*WebhookClientConfig) @protobuf(2,bytes)
// conversionReviewVersions is an ordered list of preferred `ConversionReview`
// versions the Webhook expects. The API server will use the first version in
// the list which it supports. If none of the versions specified in this list
// are supported by API server, conversion will fail for the custom resource.
// If a persisted Webhook configuration specifies allowed versions and does not
// include any versions known to the API Server, calls to the webhook will fail.
conversionReviewVersions: [...string] @go(ConversionReviewVersions,[]string) @protobuf(3,bytes,rep)
}
// WebhookClientConfig contains the information to make a TLS connection with the webhook.
#WebhookClientConfig: {
// url gives the location of the webhook, in standard URL form
// (`scheme://host:port/path`). Exactly one of `url` or `service`
// must be specified.
//
// The `host` should not refer to a service running in the cluster; use
// the `service` field instead. The host might be resolved via external
// DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
// in-cluster DNS as that would be a layering violation). `host` may
// also be an IP address.
//
// Please note that using `localhost` or `127.0.0.1` as a `host` is
// risky unless you take great care to run this webhook on all hosts
// which run an apiserver which might need to make calls to this
// webhook. Such installs are likely to be non-portable, i.e., not easy
// to turn up in a new cluster.
//
// The scheme must be "https"; the URL must begin with "https://".
//
// A path is optional, and if present may be any string permissible in
// a URL. You may use the path to pass an arbitrary string to the
// webhook, for example, a cluster identifier.
//
// Attempting to use a user or basic auth e.g. "user:password@" is not
// allowed. Fragments ("#...") and query parameters ("?...") are not
// allowed, either.
//
// +optional
url?: null | string @go(URL,*string) @protobuf(3,bytes,opt)
// service is a reference to the service for this webhook. Either
// service or url must be specified.
//
// If the webhook is running within the cluster, then you should use `service`.
//
// +optional
service?: null | #ServiceReference @go(Service,*ServiceReference) @protobuf(1,bytes,opt)
// caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
// If unspecified, system trust roots on the apiserver are used.
// +optional
caBundle?: bytes @go(CABundle,[]byte) @protobuf(2,bytes,opt)
}
// ServiceReference holds a reference to Service.legacy.k8s.io
#ServiceReference: {
// namespace is the namespace of the service.
// Required
namespace: string @go(Namespace) @protobuf(1,bytes,opt)
// name is the name of the service.
// Required
name: string @go(Name) @protobuf(2,bytes,opt)
// path is an optional URL path at which the webhook will be contacted.
// +optional
path?: null | string @go(Path,*string) @protobuf(3,bytes,opt)
// port is an optional service port at which the webhook will be contacted.
// `port` should be a valid port number (1-65535, inclusive).
// Defaults to 443 for backward compatibility.
// +optional
port?: null | int32 @go(Port,*int32) @protobuf(4,varint,opt)
}
// CustomResourceDefinitionVersion describes a version for CRD.
#CustomResourceDefinitionVersion: {
// name is the version name, e.g. “v1”, “v2beta1”, etc.
// The custom resources are served under this version at `/apis/<group>/<version>/...` if `served` is true.
name: string @go(Name) @protobuf(1,bytes,opt)
// served is a flag enabling/disabling this version from being served via REST APIs
served: bool @go(Served) @protobuf(2,varint,opt)
// storage indicates this version should be used when persisting custom resources to storage.
// There must be exactly one version with storage=true.
storage: bool @go(Storage) @protobuf(3,varint,opt)
// deprecated indicates this version of the custom resource API is deprecated.
// When set to true, API requests to this version receive a warning header in the server response.
// Defaults to false.
// +optional
deprecated?: bool @go(Deprecated) @protobuf(7,varint,opt)
// deprecationWarning overrides the default warning returned to API clients.
// May only be set when `deprecated` is true.
// The default warning indicates this version is deprecated and recommends use
// of the newest served version of equal or greater stability, if one exists.
// +optional
deprecationWarning?: null | string @go(DeprecationWarning,*string) @protobuf(8,bytes,opt)
// schema describes the schema used for validation, pruning, and defaulting of this version of the custom resource.
// +optional
schema?: null | #CustomResourceValidation @go(Schema,*CustomResourceValidation) @protobuf(4,bytes,opt)
// subresources specify what subresources this version of the defined custom resource have.
// +optional
subresources?: null | #CustomResourceSubresources @go(Subresources,*CustomResourceSubresources) @protobuf(5,bytes,opt)
// additionalPrinterColumns specifies additional columns returned in Table output.
// See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details.
// If no columns are specified, a single column displaying the age of the custom resource is used.
// +optional
additionalPrinterColumns?: [...#CustomResourceColumnDefinition] @go(AdditionalPrinterColumns,[]CustomResourceColumnDefinition) @protobuf(6,bytes,rep)
}
// CustomResourceColumnDefinition specifies a column for server side printing.
#CustomResourceColumnDefinition: {
// name is a human readable name for the column.
name: string @go(Name) @protobuf(1,bytes,opt)
// type is an OpenAPI type definition for this column.
// See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.
type: string @go(Type) @protobuf(2,bytes,opt)
// format is an optional OpenAPI type definition for this column. The 'name' format is applied
// to the primary identifier column to assist in clients identifying column is the resource name.
// See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.
// +optional
format?: string @go(Format) @protobuf(3,bytes,opt)
// description is a human readable description of this column.
// +optional
description?: string @go(Description) @protobuf(4,bytes,opt)
// priority is an integer defining the relative importance of this column compared to others. Lower
// numbers are considered higher priority. Columns that may be omitted in limited space scenarios
// should be given a priority greater than 0.
// +optional
priority?: int32 @go(Priority) @protobuf(5,bytes,opt)
// jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against
// each custom resource to produce the value for this column.
jsonPath: string @go(JSONPath) @protobuf(6,bytes,opt)
}
// CustomResourceDefinitionNames indicates the names to serve this CustomResourceDefinition
#CustomResourceDefinitionNames: {
// plural is the plural name of the resource to serve.
// The custom resources are served under `/apis/<group>/<version>/.../<plural>`.
// Must match the name of the CustomResourceDefinition (in the form `<names.plural>.<group>`).
// Must be all lowercase.
plural: string @go(Plural) @protobuf(1,bytes,opt)
// singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`.
// +optional
singular?: string @go(Singular) @protobuf(2,bytes,opt)
// shortNames are short names for the resource, exposed in API discovery documents,
// and used by clients to support invocations like `kubectl get <shortname>`.
// It must be all lowercase.
// +optional
shortNames?: [...string] @go(ShortNames,[]string) @protobuf(3,bytes,opt)
// kind is the serialized kind of the resource. It is normally CamelCase and singular.
// Custom resource instances will use this value as the `kind` attribute in API calls.
kind: string @go(Kind) @protobuf(4,bytes,opt)
// listKind is the serialized kind of the list for this resource. Defaults to "`kind`List".
// +optional
listKind?: string @go(ListKind) @protobuf(5,bytes,opt)
// categories is a list of grouped resources this custom resource belongs to (e.g. 'all').
// This is published in API discovery documents, and used by clients to support invocations like
// `kubectl get all`.
// +optional
categories?: [...string] @go(Categories,[]string) @protobuf(6,bytes,rep)
}
// ResourceScope is an enum defining the different scopes available to a custom resource
#ResourceScope: string // #enumResourceScope
#enumResourceScope:
#ClusterScoped |
#NamespaceScoped
#ClusterScoped: #ResourceScope & "Cluster"
#NamespaceScoped: #ResourceScope & "Namespaced"
#ConditionStatus: string // #enumConditionStatus
#enumConditionStatus:
#ConditionTrue |
#ConditionFalse |
#ConditionUnknown
#ConditionTrue: #ConditionStatus & "True"
#ConditionFalse: #ConditionStatus & "False"
#ConditionUnknown: #ConditionStatus & "Unknown"
// CustomResourceDefinitionConditionType is a valid value for CustomResourceDefinitionCondition.Type
#CustomResourceDefinitionConditionType: string // #enumCustomResourceDefinitionConditionType
#enumCustomResourceDefinitionConditionType:
#Established |
#NamesAccepted |
#NonStructuralSchema |
#Terminating |
#KubernetesAPIApprovalPolicyConformant
// Established means that the resource has become active. A resource is established when all names are
// accepted without a conflict for the first time. A resource stays established until deleted, even during
// a later NamesAccepted due to changed names. Note that not all names can be changed.
#Established: #CustomResourceDefinitionConditionType & "Established"
// NamesAccepted means the names chosen for this CustomResourceDefinition do not conflict with others in
// the group and are therefore accepted.
#NamesAccepted: #CustomResourceDefinitionConditionType & "NamesAccepted"
// NonStructuralSchema means that one or more OpenAPI schema is not structural.
//
// A schema is structural if it specifies types for all values, with the only exceptions of those with
// - x-kubernetes-int-or-string: true — for fields which can be integer or string
// - x-kubernetes-preserve-unknown-fields: true — for raw, unspecified JSON values
// and there is no type, additionalProperties, default, nullable or x-kubernetes-* vendor extenions
// specified under allOf, anyOf, oneOf or not.
//
// Non-structural schemas will not be allowed anymore in v1 API groups. Moreover, new features will not be
// available for non-structural CRDs:
// - pruning
// - defaulting
// - read-only
// - OpenAPI publishing
// - webhook conversion
#NonStructuralSchema: #CustomResourceDefinitionConditionType & "NonStructuralSchema"
// Terminating means that the CustomResourceDefinition has been deleted and is cleaning up.
#Terminating: #CustomResourceDefinitionConditionType & "Terminating"
// KubernetesAPIApprovalPolicyConformant indicates that an API in *.k8s.io or *.kubernetes.io is or is not approved. For CRDs
// outside those groups, this condition will not be set. For CRDs inside those groups, the condition will
// be true if .metadata.annotations["api-approved.kubernetes.io"] is set to a URL, otherwise it will be false.
// See https://github.com/kubernetes/enhancements/pull/1111 for more details.
#KubernetesAPIApprovalPolicyConformant: #CustomResourceDefinitionConditionType & "KubernetesAPIApprovalPolicyConformant"
// CustomResourceDefinitionCondition contains details for the current condition of this pod.
#CustomResourceDefinitionCondition: {
// type is the type of the condition. Types include Established, NamesAccepted and Terminating.
type: #CustomResourceDefinitionConditionType @go(Type) @protobuf(1,bytes,opt,casttype=CustomResourceDefinitionConditionType)
// status is the status of the condition.
// Can be True, False, Unknown.
status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
// lastTransitionTime last time the condition transitioned from one status to another.
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
// reason is a unique, one-word, CamelCase reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// message is a human-readable message indicating details about last transition.
// +optional
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// CustomResourceDefinitionStatus indicates the state of the CustomResourceDefinition
#CustomResourceDefinitionStatus: {
// conditions indicate state for particular aspects of a CustomResourceDefinition
// +optional
// +listType=map
// +listMapKey=type
conditions: [...#CustomResourceDefinitionCondition] @go(Conditions,[]CustomResourceDefinitionCondition) @protobuf(1,bytes,opt)
// acceptedNames are the names that are actually being used to serve discovery.
// They may be different than the names in spec.
// +optional
acceptedNames: #CustomResourceDefinitionNames @go(AcceptedNames) @protobuf(2,bytes,opt)
// storedVersions lists all versions of CustomResources that were ever persisted. Tracking these
// versions allows a migration path for stored versions in etcd. The field is mutable
// so a migration controller can finish a migration to another version (ensuring
// no old objects are left in storage), and then remove the rest of the
// versions from this list.
// Versions may not be removed from `spec.versions` while they exist in this list.
// +optional
storedVersions: [...string] @go(StoredVersions,[]string) @protobuf(3,bytes,rep)
}
#CustomResourceCleanupFinalizer: "customresourcecleanup.apiextensions.k8s.io"
// CustomResourceDefinition represents a resource that should be exposed on the API server. Its name MUST be in the format
// <.spec.name>.<.spec.group>.
#CustomResourceDefinition: {
metav1.#TypeMeta
// Standard object's metadata
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// spec describes how the user wants the resources to appear
spec: #CustomResourceDefinitionSpec @go(Spec) @protobuf(2,bytes,opt)
// status indicates the actual state of the CustomResourceDefinition
// +optional
status?: #CustomResourceDefinitionStatus @go(Status) @protobuf(3,bytes,opt)
}
// CustomResourceDefinitionList is a list of CustomResourceDefinition objects.
#CustomResourceDefinitionList: {
metav1.#TypeMeta
// Standard object's metadata
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items list individual CustomResourceDefinition objects
items: [...#CustomResourceDefinition] @go(Items,[]CustomResourceDefinition) @protobuf(2,bytes,rep)
}
// CustomResourceValidation is a list of validation methods for CustomResources.
#CustomResourceValidation: {
// openAPIV3Schema is the OpenAPI v3 schema to use for validation and pruning.
// +optional
openAPIV3Schema?: null | #JSONSchemaProps @go(OpenAPIV3Schema,*JSONSchemaProps) @protobuf(1,bytes,opt)
}
// CustomResourceSubresources defines the status and scale subresources for CustomResources.
#CustomResourceSubresources: {
// status indicates the custom resource should serve a `/status` subresource.
// When enabled:
// 1. requests to the custom resource primary endpoint ignore changes to the `status` stanza of the object.
// 2. requests to the custom resource `/status` subresource ignore changes to anything other than the `status` stanza of the object.
// +optional
status?: null | #CustomResourceSubresourceStatus @go(Status,*CustomResourceSubresourceStatus) @protobuf(1,bytes,opt)
// scale indicates the custom resource should serve a `/scale` subresource that returns an `autoscaling/v1` Scale object.
// +optional
scale?: null | #CustomResourceSubresourceScale @go(Scale,*CustomResourceSubresourceScale) @protobuf(2,bytes,opt)
}
// CustomResourceSubresourceStatus defines how to serve the status subresource for CustomResources.
// Status is represented by the `.status` JSON path inside of a CustomResource. When set,
// * exposes a /status subresource for the custom resource
// * PUT requests to the /status subresource take a custom resource object, and ignore changes to anything except the status stanza
// * PUT/POST/PATCH requests to the custom resource ignore changes to the status stanza
#CustomResourceSubresourceStatus: {
}
// CustomResourceSubresourceScale defines how to serve the scale subresource for CustomResources.
#CustomResourceSubresourceScale: {
// specReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `spec.replicas`.
// Only JSON paths without the array notation are allowed.
// Must be a JSON Path under `.spec`.
// If there is no value under the given path in the custom resource, the `/scale` subresource will return an error on GET.
specReplicasPath: string @go(SpecReplicasPath) @protobuf(1,bytes)
// statusReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `status.replicas`.
// Only JSON paths without the array notation are allowed.
// Must be a JSON Path under `.status`.
// If there is no value under the given path in the custom resource, the `status.replicas` value in the `/scale` subresource
// will default to 0.
statusReplicasPath: string @go(StatusReplicasPath) @protobuf(2,bytes,opt)
// labelSelectorPath defines the JSON path inside of a custom resource that corresponds to Scale `status.selector`.
// Only JSON paths without the array notation are allowed.
// Must be a JSON Path under `.status` or `.spec`.
// Must be set to work with HorizontalPodAutoscaler.
// The field pointed by this JSON path must be a string field (not a complex selector struct)
// which contains a serialized label selector in string form.
// More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource
// If there is no value under the given path in the custom resource, the `status.selector` value in the `/scale`
// subresource will default to the empty string.
// +optional
labelSelectorPath?: null | string @go(LabelSelectorPath,*string) @protobuf(3,bytes,opt)
}
// ConversionReview describes a conversion request/response.
#ConversionReview: {
metav1.#TypeMeta
// request describes the attributes for the conversion request.
// +optional
request?: null | #ConversionRequest @go(Request,*ConversionRequest) @protobuf(1,bytes,opt)
// response describes the attributes for the conversion response.
// +optional
response?: null | #ConversionResponse @go(Response,*ConversionResponse) @protobuf(2,bytes,opt)
}
// ConversionRequest describes the conversion request parameters.
#ConversionRequest: {
// uid is an identifier for the individual request/response. It allows distinguishing instances of requests which are
// otherwise identical (parallel requests, etc).
// The UID is meant to track the round trip (request/response) between the Kubernetes API server and the webhook, not the user request.
// It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.
uid: types.#UID @go(UID) @protobuf(1,bytes)
// desiredAPIVersion is the version to convert given objects to. e.g. "myapi.example.com/v1"
desiredAPIVersion: string @go(DesiredAPIVersion) @protobuf(2,bytes)
// objects is the list of custom resource objects to be converted.
objects: [...runtime.#RawExtension] @go(Objects,[]runtime.RawExtension) @protobuf(3,bytes,rep)
}
// ConversionResponse describes a conversion response.
#ConversionResponse: {
// uid is an identifier for the individual request/response.
// This should be copied over from the corresponding `request.uid`.
uid: types.#UID @go(UID) @protobuf(1,bytes)
// convertedObjects is the list of converted version of `request.objects` if the `result` is successful, otherwise empty.
// The webhook is expected to set `apiVersion` of these objects to the `request.desiredAPIVersion`. The list
// must also have the same size as the input list with the same objects in the same order (equal kind, metadata.uid, metadata.name and metadata.namespace).
// The webhook is allowed to mutate labels and annotations. Any other change to the metadata is silently ignored.
convertedObjects: [...runtime.#RawExtension] @go(ConvertedObjects,[]runtime.RawExtension) @protobuf(2,bytes,rep)
// result contains the result of conversion with extra details if the conversion failed. `result.status` determines if
// the conversion failed or succeeded. The `result.status` field is required and represents the success or failure of the
// conversion. A successful conversion must set `result.status` to `Success`. A failed conversion must set
// `result.status` to `Failure` and provide more details in `result.message` and return http status 200. The `result.message`
// will be used to construct an error message for the end user.
result: metav1.#Status @go(Result) @protobuf(3,bytes)
}

317
timoni/podinfo/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue Normal file
View File

@@ -0,0 +1,317 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
package v1
// FieldValueErrorReason is a machine-readable value providing more detail about why a field failed the validation.
// +enum
#FieldValueErrorReason: string // #enumFieldValueErrorReason
#enumFieldValueErrorReason:
#FieldValueRequired |
#FieldValueDuplicate |
#FieldValueInvalid |
#FieldValueForbidden
// FieldValueRequired is used to report required values that are not
// provided (e.g. empty strings, null values, or empty arrays).
#FieldValueRequired: #FieldValueErrorReason & "FieldValueRequired"
// FieldValueDuplicate is used to report collisions of values that must be
// unique (e.g. unique IDs).
#FieldValueDuplicate: #FieldValueErrorReason & "FieldValueDuplicate"
// FieldValueInvalid is used to report malformed values (e.g. failed regex
// match, too long, out of bounds).
#FieldValueInvalid: #FieldValueErrorReason & "FieldValueInvalid"
// FieldValueForbidden is used to report valid (as per formatting rules)
// values which would be accepted under some conditions, but which are not
// permitted by the current conditions (such as security policy).
#FieldValueForbidden: #FieldValueErrorReason & "FieldValueForbidden"
// JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-schema.org/).
#JSONSchemaProps: {
id?: string @go(ID) @protobuf(1,bytes,opt)
$schema?: #JSONSchemaURL @go(Schema) @protobuf(2,bytes,opt,name=schema)
$ref?: null | string @go(Ref,*string) @protobuf(3,bytes,opt,name=ref)
description?: string @go(Description) @protobuf(4,bytes,opt)
type?: string @go(Type) @protobuf(5,bytes,opt)
// format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated:
//
// - bsonobjectid: a bson object ID, i.e. a 24 characters hex string
// - uri: an URI as parsed by Golang net/url.ParseRequestURI
// - email: an email address as parsed by Golang net/mail.ParseAddress
// - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034].
// - ipv4: an IPv4 IP as parsed by Golang net.ParseIP
// - ipv6: an IPv6 IP as parsed by Golang net.ParseIP
// - cidr: a CIDR as parsed by Golang net.ParseCIDR
// - mac: a MAC address as parsed by Golang net.ParseMAC
// - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$
// - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$
// - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$
// - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$
// - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041"
// - isbn10: an ISBN10 number string like "0321751043"
// - isbn13: an ISBN13 number string like "978-0321751041"
// - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in
// - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$
// - hexcolor: an hexadecimal color code like "#FFFFFF: following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$
// - rgbcolor: an RGB color code like rgb like "rgb(255,255,2559"
// - byte: base64 encoded binary data
// - password: any kind of string
// - date: a date string like "2006-01-02" as defined by full-date in RFC3339
// - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format
// - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339.
format?: string @go(Format) @protobuf(6,bytes,opt)
title?: string @go(Title) @protobuf(7,bytes,opt)
// default is a default value for undefined object fields.
// Defaulting is a beta feature under the CustomResourceDefaulting feature gate.
// Defaulting requires spec.preserveUnknownFields to be false.
default?: null | #JSON @go(Default,*JSON) @protobuf(8,bytes,opt)
maximum?: null | float64 @go(Maximum,*float64) @protobuf(9,bytes,opt)
exclusiveMaximum?: bool @go(ExclusiveMaximum) @protobuf(10,bytes,opt)
minimum?: null | float64 @go(Minimum,*float64) @protobuf(11,bytes,opt)
exclusiveMinimum?: bool @go(ExclusiveMinimum) @protobuf(12,bytes,opt)
maxLength?: null | int64 @go(MaxLength,*int64) @protobuf(13,bytes,opt)
minLength?: null | int64 @go(MinLength,*int64) @protobuf(14,bytes,opt)
pattern?: string @go(Pattern) @protobuf(15,bytes,opt)
maxItems?: null | int64 @go(MaxItems,*int64) @protobuf(16,bytes,opt)
minItems?: null | int64 @go(MinItems,*int64) @protobuf(17,bytes,opt)
uniqueItems?: bool @go(UniqueItems) @protobuf(18,bytes,opt)
multipleOf?: null | float64 @go(MultipleOf,*float64) @protobuf(19,bytes,opt)
enum?: [...#JSON] @go(Enum,[]JSON) @protobuf(20,bytes,rep)
maxProperties?: null | int64 @go(MaxProperties,*int64) @protobuf(21,bytes,opt)
minProperties?: null | int64 @go(MinProperties,*int64) @protobuf(22,bytes,opt)
required?: [...string] @go(Required,[]string) @protobuf(23,bytes,rep)
items?: null | #JSONSchemaPropsOrArray @go(Items,*JSONSchemaPropsOrArray) @protobuf(24,bytes,opt)
allOf?: [...#JSONSchemaProps] @go(AllOf,[]JSONSchemaProps) @protobuf(25,bytes,rep)
oneOf?: [...#JSONSchemaProps] @go(OneOf,[]JSONSchemaProps) @protobuf(26,bytes,rep)
anyOf?: [...#JSONSchemaProps] @go(AnyOf,[]JSONSchemaProps) @protobuf(27,bytes,rep)
not?: null | #JSONSchemaProps @go(Not,*JSONSchemaProps) @protobuf(28,bytes,opt)
properties?: {[string]: #JSONSchemaProps} @go(Properties,map[string]JSONSchemaProps) @protobuf(29,bytes,rep)
additionalProperties?: null | #JSONSchemaPropsOrBool @go(AdditionalProperties,*JSONSchemaPropsOrBool) @protobuf(30,bytes,opt)
patternProperties?: {[string]: #JSONSchemaProps} @go(PatternProperties,map[string]JSONSchemaProps) @protobuf(31,bytes,rep)
dependencies?: #JSONSchemaDependencies @go(Dependencies) @protobuf(32,bytes,opt)
additionalItems?: null | #JSONSchemaPropsOrBool @go(AdditionalItems,*JSONSchemaPropsOrBool) @protobuf(33,bytes,opt)
definitions?: #JSONSchemaDefinitions @go(Definitions) @protobuf(34,bytes,opt)
externalDocs?: null | #ExternalDocumentation @go(ExternalDocs,*ExternalDocumentation) @protobuf(35,bytes,opt)
example?: null | #JSON @go(Example,*JSON) @protobuf(36,bytes,opt)
nullable?: bool @go(Nullable) @protobuf(37,bytes,opt)
// x-kubernetes-preserve-unknown-fields stops the API server
// decoding step from pruning fields which are not specified
// in the validation schema. This affects fields recursively,
// but switches back to normal pruning behaviour if nested
// properties or additionalProperties are specified in the schema.
// This can either be true or undefined. False is forbidden.
"x-kubernetes-preserve-unknown-fields"?: null | bool @go(XPreserveUnknownFields,*bool) @protobuf(38,bytes,opt,name=xKubernetesPreserveUnknownFields)
// x-kubernetes-embedded-resource defines that the value is an
// embedded Kubernetes runtime.Object, with TypeMeta and
// ObjectMeta. The type must be object. It is allowed to further
// restrict the embedded object. kind, apiVersion and metadata
// are validated automatically. x-kubernetes-preserve-unknown-fields
// is allowed to be true, but does not have to be if the object
// is fully specified (up to kind, apiVersion, metadata).
"x-kubernetes-embedded-resource"?: bool @go(XEmbeddedResource) @protobuf(39,bytes,opt,name=xKubernetesEmbeddedResource)
// x-kubernetes-int-or-string specifies that this value is
// either an integer or a string. If this is true, an empty
// type is allowed and type as child of anyOf is permitted
// if following one of the following patterns:
//
// 1) anyOf:
// - type: integer
// - type: string
// 2) allOf:
// - anyOf:
// - type: integer
// - type: string
// - ... zero or more
"x-kubernetes-int-or-string"?: bool @go(XIntOrString) @protobuf(40,bytes,opt,name=xKubernetesIntOrString)
// x-kubernetes-list-map-keys annotates an array with the x-kubernetes-list-type `map` by specifying the keys used
// as the index of the map.
//
// This tag MUST only be used on lists that have the "x-kubernetes-list-type"
// extension set to "map". Also, the values specified for this attribute must
// be a scalar typed field of the child structure (no nesting is supported).
//
// The properties specified must either be required or have a default value,
// to ensure those properties are present for all list items.
//
// +optional
"x-kubernetes-list-map-keys"?: [...string] @go(XListMapKeys,[]string) @protobuf(41,bytes,rep,name=xKubernetesListMapKeys)
// x-kubernetes-list-type annotates an array to further describe its topology.
// This extension must only be used on lists and may have 3 possible values:
//
// 1) `atomic`: the list is treated as a single entity, like a scalar.
// Atomic lists will be entirely replaced when updated. This extension
// may be used on any type of list (struct, scalar, ...).
// 2) `set`:
// Sets are lists that must not have multiple items with the same value. Each
// value must be a scalar, an object with x-kubernetes-map-type `atomic` or an
// array with x-kubernetes-list-type `atomic`.
// 3) `map`:
// These lists are like maps in that their elements have a non-index key
// used to identify them. Order is preserved upon merge. The map tag
// must only be used on a list with elements of type object.
// Defaults to atomic for arrays.
// +optional
"x-kubernetes-list-type"?: null | string @go(XListType,*string) @protobuf(42,bytes,opt,name=xKubernetesListType)
// x-kubernetes-map-type annotates an object to further describe its topology.
// This extension must only be used when type is object and may have 2 possible values:
//
// 1) `granular`:
// These maps are actual maps (key-value pairs) and each fields are independent
// from each other (they can each be manipulated by separate actors). This is
// the default behaviour for all maps.
// 2) `atomic`: the list is treated as a single entity, like a scalar.
// Atomic maps will be entirely replaced when updated.
// +optional
"x-kubernetes-map-type"?: null | string @go(XMapType,*string) @protobuf(43,bytes,opt,name=xKubernetesMapType)
// x-kubernetes-validations describes a list of validation rules written in the CEL expression language.
// This field is an alpha-level. Using this field requires the feature gate `CustomResourceValidationExpressions` to be enabled.
// +patchMergeKey=rule
// +patchStrategy=merge
// +listType=map
// +listMapKey=rule
"x-kubernetes-validations"?: #ValidationRules @go(XValidations) @protobuf(44,bytes,rep,name=xKubernetesValidations)
}
// ValidationRules describes a list of validation rules written in the CEL expression language.
#ValidationRules: [...#ValidationRule]
// ValidationRule describes a validation rule written in the CEL expression language.
#ValidationRule: {
// Rule represents the expression which will be evaluated by CEL.
// ref: https://github.com/google/cel-spec
// The Rule is scoped to the location of the x-kubernetes-validations extension in the schema.
// The `self` variable in the CEL expression is bound to the scoped value.
// Example:
// - Rule scoped to the root of a resource with a status subresource: {"rule": "self.status.actual <= self.spec.maxDesired"}
//
// If the Rule is scoped to an object with properties, the accessible properties of the object are field selectable
// via `self.field` and field presence can be checked via `has(self.field)`. Null valued fields are treated as
// absent fields in CEL expressions.
// If the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map
// are accessible via `self[mapKey]`, map containment can be checked via `mapKey in self` and all entries of the map
// are accessible via CEL macros and functions such as `self.all(...)`.
// If the Rule is scoped to an array, the elements of the array are accessible via `self[i]` and also by macros and
// functions.
// If the Rule is scoped to a scalar, `self` is bound to the scalar value.
// Examples:
// - Rule scoped to a map of objects: {"rule": "self.components['Widget'].priority < 10"}
// - Rule scoped to a list of integers: {"rule": "self.values.all(value, value >= 0 && value < 100)"}
// - Rule scoped to a string value: {"rule": "self.startsWith('kube')"}
//
// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the
// object and from any x-kubernetes-embedded-resource annotated objects. No other metadata properties are accessible.
//
// Unknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL
// expressions. This includes:
// - Unknown field values that are preserved by object schemas with x-kubernetes-preserve-unknown-fields.
// - Object properties where the property schema is of an "unknown type". An "unknown type" is recursively defined as:
// - A schema with no type and x-kubernetes-preserve-unknown-fields set to true
// - An array where the items schema is of an "unknown type"
// - An object where the additionalProperties schema is of an "unknown type"
//
// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
// Accessible property names are escaped according to the following rules when accessed in the expression:
// - '__' escapes to '__underscores__'
// - '.' escapes to '__dot__'
// - '-' escapes to '__dash__'
// - '/' escapes to '__slash__'
// - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
// "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
// "import", "let", "loop", "package", "namespace", "return".
// Examples:
// - Rule accessing a property named "namespace": {"rule": "self.__namespace__ > 0"}
// - Rule accessing a property named "x-prop": {"rule": "self.x__dash__prop > 0"}
// - Rule accessing a property named "redact__d": {"rule": "self.redact__underscores__d > 0"}
//
// Equality on arrays with x-kubernetes-list-type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].
// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
// - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
// non-intersecting elements in `Y` are appended, retaining their partial order.
// - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
// are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
// non-intersecting keys are appended, retaining their partial order.
rule: string @go(Rule) @protobuf(1,bytes,opt)
// Message represents the message displayed when validation fails. The message is required if the Rule contains
// line breaks. The message must not contain line breaks.
// If unset, the message is "failed rule: {Rule}".
// e.g. "must be a URL with the host matching spec.host"
message?: string @go(Message) @protobuf(2,bytes,opt)
// MessageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.
// Since messageExpression is used as a failure message, it must evaluate to a string.
// If both message and messageExpression are present on a rule, then messageExpression will be used if validation
// fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced
// as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string
// that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and
// the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged.
// messageExpression has access to all the same variables as the rule; the only difference is the return type.
// Example:
// "x must be less than max ("+string(self.max)+")"
// +optional
messageExpression?: string @go(MessageExpression) @protobuf(3,bytes,opt)
// reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule.
// The HTTP status code returned to the caller will match the reason of the reason of the first failed validation rule.
// The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate".
// If not set, default to use "FieldValueInvalid".
// All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid.
// +optional
reason?: null | #FieldValueErrorReason @go(Reason,*FieldValueErrorReason) @protobuf(4,bytes,opt)
// fieldPath represents the field path returned when the validation fails.
// It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field.
// e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo`
// If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList`
// It does not support list numeric index.
// It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info.
// Numeric index of array is not supported.
// For field name which contains special characters, use `['specialName']` to refer the field name.
// e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']`
// +optional
fieldPath?: string @go(FieldPath) @protobuf(5,bytes,opt)
}
// JSON represents any valid JSON value.
// These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil.
#JSON: _
// JSONSchemaURL represents a schema url.
#JSONSchemaURL: string
// JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps
// or an array of JSONSchemaProps. Mainly here for serialization purposes.
#JSONSchemaPropsOrArray: _
// JSONSchemaPropsOrBool represents JSONSchemaProps or a boolean value.
// Defaults to true for the boolean property.
#JSONSchemaPropsOrBool: _
// JSONSchemaDependencies represent a dependencies property.
#JSONSchemaDependencies: {[string]: #JSONSchemaPropsOrStringArray}
// JSONSchemaPropsOrStringArray represents a JSONSchemaProps or a string array.
#JSONSchemaPropsOrStringArray: _
// JSONSchemaDefinitions contains the models explicitly defined in this spec.
#JSONSchemaDefinitions: {[string]: #JSONSchemaProps}
// ExternalDocumentation allows referencing an external resource for extended documentation.
#ExternalDocumentation: {
description?: string @go(Description) @protobuf(1,bytes,opt)
url?: string @go(URL) @protobuf(2,bytes,opt)
}

47
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue Normal file
View File

@@ -0,0 +1,47 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
package resource
// Scale is used for getting and setting the base-10 scaled value.
// Base-2 scales are omitted for mathematical simplicity.
// See Quantity.ScaledValue for more details.
#Scale: int32 // #enumScale
#enumScale:
#Nano |
#Micro |
#Milli |
#Kilo |
#Mega |
#Giga |
#Tera |
#Peta |
#Exa
#values_Scale: {
Nano: #Nano
Micro: #Micro
Milli: #Milli
Kilo: #Kilo
Mega: #Mega
Giga: #Giga
Tera: #Tera
Peta: #Peta
Exa: #Exa
}
#Nano: #Scale & -9
#Micro: #Scale & -6
#Milli: #Scale & -3
#Kilo: #Scale & 3
#Mega: #Scale & 6
#Giga: #Scale & 9
#Tera: #Scale & 12
#Peta: #Scale & 15
#Exa: #Scale & 18
// infDecAmount implements common operations over an inf.Dec that are specific to the quantity
// representation.
_#infDecAmount: string

13
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue Normal file
View File

@@ -0,0 +1,13 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
package resource
// maxInt64Factors is the highest value that will be checked when removing factors of 10 from an int64.
// It is also the maximum decimal digits that can be represented with an int64.
_#maxInt64Factors: 18
_#mostNegative: -9223372036854775808
_#mostPositive: 9223372036854775807

107
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue Normal file
View File

@@ -0,0 +1,107 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
package resource
// Quantity is a fixed-point representation of a number.
// It provides convenient marshaling/unmarshaling in JSON and YAML,
// in addition to String() and AsInt64() accessors.
//
// The serialization format is:
//
// ```
// <quantity> ::= <signedNumber><suffix>
//
// (Note that <suffix> may be empty, from the "" case in <decimalSI>.)
//
// <digit> ::= 0 | 1 | ... | 9
// <digits> ::= <digit> | <digit><digits>
// <number> ::= <digits> | <digits>.<digits> | <digits>. | .<digits>
// <sign> ::= "+" | "-"
// <signedNumber> ::= <number> | <sign><number>
// <suffix> ::= <binarySI> | <decimalExponent> | <decimalSI>
// <binarySI> ::= Ki | Mi | Gi | Ti | Pi | Ei
//
// (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)
//
// <decimalSI> ::= m | "" | k | M | G | T | P | E
//
// (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
//
// <decimalExponent> ::= "e" <signedNumber> | "E" <signedNumber>
// ```
//
// No matter which of the three exponent forms is used, no quantity may represent
// a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal
// places. Numbers larger or more precise will be capped or rounded up.
// (E.g.: 0.1m will rounded up to 1m.)
// This may be extended in the future if we require larger or smaller quantities.
//
// When a Quantity is parsed from a string, it will remember the type of suffix
// it had, and will use the same type again when it is serialized.
//
// Before serializing, Quantity will be put in "canonical form".
// This means that Exponent/suffix will be adjusted up or down (with a
// corresponding increase or decrease in Mantissa) such that:
//
// - No precision is lost
// - No fractional digits will be emitted
// - The exponent (or suffix) is as large as possible.
//
// The sign will be omitted unless the number is negative.
//
// Examples:
//
// - 1.5 will be serialized as "1500m"
// - 1.5Gi will be serialized as "1536Mi"
//
// Note that the quantity will NEVER be internally represented by a
// floating point number. That is the whole point of this exercise.
//
// Non-canonical values will still parse as long as they are well formed,
// but will be re-emitted in their canonical form. (So always use canonical
// form, or don't diff.)
//
// This format is intended to make it difficult to use these numbers without
// writing some sort of special handling code in the hopes that that will
// cause implementors to also use a fixed point implementation.
//
// +protobuf=true
// +protobuf.embed=string
// +protobuf.options.marshal=false
// +protobuf.options.(gogoproto.goproto_stringer)=false
// +k8s:deepcopy-gen=true
// +k8s:openapi-gen=true
#Quantity: _
// CanonicalValue allows a quantity amount to be converted to a string.
#CanonicalValue: _
// Format lists the three possible formattings of a quantity.
#Format: string // #enumFormat
#enumFormat:
#DecimalExponent |
#BinarySI |
#DecimalSI
#DecimalExponent: #Format & "DecimalExponent"
#BinarySI: #Format & "BinarySI"
#DecimalSI: #Format & "DecimalSI"
// splitREString is used to separate a number from its suffix; as such,
// this is overly permissive, but that's OK-- it will be checked later.
_#splitREString: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
_#int64QuantityExpectedBytes: 18
// QuantityValue makes it possible to use a Quantity as value for a command
// line parameter.
//
// +protobuf=true
// +protobuf.embed=string
// +protobuf.options.marshal=false
// +protobuf.options.(gogoproto.goproto_stringer)=false
// +k8s:deepcopy-gen=true
#QuantityValue: _

10
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue Normal file
View File

@@ -0,0 +1,10 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
package resource
_#suffix: string
// suffixer can interpret and construct suffixes.
_#suffixer: _

10
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue Normal file
View File

@@ -0,0 +1,10 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
// Duration is a wrapper around time.Duration which supports correct
// marshaling to YAML and JSON. In particular, it marshals into strings, which
// can be used as map keys in json.
#Duration: _

48
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue Normal file
View File

@@ -0,0 +1,48 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
// GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying
// concepts during lookup stages without having partially valid types
//
// +protobuf.options.(gogoproto.goproto_stringer)=false
#GroupResource: {
group: string @go(Group) @protobuf(1,bytes,opt)
resource: string @go(Resource) @protobuf(2,bytes,opt)
}
// GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion
// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling
//
// +protobuf.options.(gogoproto.goproto_stringer)=false
#GroupVersionResource: {
group: string @go(Group) @protobuf(1,bytes,opt)
version: string @go(Version) @protobuf(2,bytes,opt)
resource: string @go(Resource) @protobuf(3,bytes,opt)
}
// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
// concepts during lookup stages without having partially valid types
//
// +protobuf.options.(gogoproto.goproto_stringer)=false
#GroupKind: {
group: string @go(Group) @protobuf(1,bytes,opt)
kind: string @go(Kind) @protobuf(2,bytes,opt)
}
// GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion
// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling
//
// +protobuf.options.(gogoproto.goproto_stringer)=false
#GroupVersionKind: {
group: string @go(Group) @protobuf(1,bytes,opt)
version: string @go(Version) @protobuf(2,bytes,opt)
kind: string @go(Kind) @protobuf(3,bytes,opt)
}
// GroupVersion contains the "group" and the "version", which uniquely identifies the API.
//
// +protobuf.options.(gogoproto.goproto_stringer)=false
#GroupVersion: _

33
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue Normal file
View File

@@ -0,0 +1,33 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
// TODO: move this, Object, List, and Type to a different package
#ObjectMetaAccessor: _
// Object lets you work with object metadata from any of the versioned or
// internal API objects. Attempting to set or retrieve a field on an object that does
// not support that field (Name, UID, Namespace on lists) will be a no-op and return
// a default value.
#Object: _
// ListMetaAccessor retrieves the list interface from an object
#ListMetaAccessor: _
// Common lets you work with core metadata from any of the versioned or
// internal API objects. Attempting to set or retrieve a field on an object that does
// not support that field will be a no-op and return a default value.
// TODO: move this, and TypeMeta and ListMeta, to a different package
#Common: _
// ListInterface lets you work with list metadata from any of the versioned or
// internal API objects. Attempting to set or retrieve a field on an object that does
// not support that field will be a no-op and return a default value.
// TODO: move this, and TypeMeta and ListMeta, to a different package
#ListInterface: _
// Type exposes the type and APIVersion of versioned or internal API objects.
// TODO: move this, and TypeMeta and ListMeta, to a different package
#Type: _

14
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue Normal file
View File

@@ -0,0 +1,14 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
#RFC3339Micro: "2006-01-02T15:04:05.000000Z07:00"
// MicroTime is version of Time with microsecond level precision.
//
// +protobuf.options.marshal=false
// +protobuf.as=Timestamp
// +protobuf.options.(gogoproto.goproto_stringer)=false
#MicroTime: _

9
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue Normal file
View File

@@ -0,0 +1,9 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
#GroupName: "meta.k8s.io"
#WatchEventKind: "WatchEvent"

14
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue Normal file
View File

@@ -0,0 +1,14 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
// Time is a wrapper around time.Time which supports correct
// marshaling to YAML and JSON. Wrappers are provided for many
// of the factory methods that the time package offers.
//
// +protobuf.options.marshal=false
// +protobuf.as=Timestamp
// +protobuf.options.(gogoproto.goproto_stringer)=false
#Time: _

21
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue Normal file
View File

@@ -0,0 +1,21 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
// Timestamp is a struct that is equivalent to Time, but intended for
// protobuf marshalling/unmarshalling. It is generated into a serialization
// that matches Time. Do not use in Go structs.
#Timestamp: {
// Represents seconds of UTC time since Unix epoch
// 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
// 9999-12-31T23:59:59Z inclusive.
seconds: int64 @go(Seconds) @protobuf(1,varint,opt)
// Non-negative fractions of a second at nanosecond resolution. Negative
// second values with fractions must still have non-negative nanos values
// that count forward in time. Must be from 0 to 999,999,999
// inclusive. This field may be limited in precision depending on context.
nanos: int32 @go(Nanos) @protobuf(2,varint,opt)
}

1561
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue Normal file
View File

File diff suppressed because it is too large Load Diff

30
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue Normal file
View File

@@ -0,0 +1,30 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
import (
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/watch"
)
// Event represents a single event to a watched resource.
//
// +protobuf=true
// +k8s:deepcopy-gen=true
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
#WatchEvent: {
type: string @go(Type) @protobuf(1,bytes,opt)
// Object is:
// * If Type is Added or Modified: the new state of the object.
// * If Type is Deleted: the state of the object immediately before deletion.
// * If Type is Error: *Status is recommended; other types may make sense
// depending on context.
object: runtime.#RawExtension @go(Object) @protobuf(2,bytes,opt)
}
// InternalEvent makes watch.Event versioned
// +protobuf=false
#InternalEvent: watch.#Event

10
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue Normal file
View File

@@ -0,0 +1,10 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// SimpleAllocator a wrapper around make([]byte)
// conforms to the MemoryAllocator interface
#SimpleAllocator: {
}

37
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue Normal file
View File

@@ -0,0 +1,37 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// codec binds an encoder and decoder.
_#codec: {
Encoder: #Encoder
Decoder: #Decoder
}
// NoopEncoder converts an Decoder to a Serializer or Codec for code that expects them but only uses decoding.
#NoopEncoder: {
Decoder: #Decoder
}
_#noopEncoderIdentifier: #Identifier & "noop"
// NoopDecoder converts an Encoder to a Serializer or Codec for code that expects them but only uses encoding.
#NoopDecoder: {
Encoder: #Encoder
}
_#base64Serializer: {
Encoder: #Encoder
Decoder: #Decoder
}
_#internalGroupVersionerIdentifier: "internal"
_#disabledGroupVersionerIdentifier: "disabled"
_#internalGroupVersioner: {
}
_#disabledGroupVersioner: {
}

7
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
// Package runtime defines conversions between generic types and structs to map query strings
// to struct objects.
package runtime

9
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue Normal file
View File

@@ -0,0 +1,9 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// UnstructuredConverter is an interface for converting between interface{}
// and map[string]interface representation.
#UnstructuredConverter: _

39
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue Normal file
View File

@@ -0,0 +1,39 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
// Package runtime includes helper functions for working with API objects
// that follow the kubernetes API object conventions, which are:
//
// 0. Your API objects have a common metadata struct member, TypeMeta.
//
// 1. Your code refers to an internal set of API objects.
//
// 2. In a separate package, you have an external set of API objects.
//
// 3. The external set is considered to be versioned, and no breaking
// changes are ever made to it (fields may be added but not changed
// or removed).
//
// 4. As your api evolves, you'll make an additional versioned package
// with every major change.
//
// 5. Versioned packages have conversion functions which convert to
// and from the internal version.
//
// 6. You'll continue to support older versions according to your
// deprecation policy, and you can easily provide a program/library
// to update old versions into new versions because of 5.
//
// 7. All of your serializations and deserializations are handled in a
// centralized place.
//
// Package runtime provides a conversion helper to make 5 easy, and the
// Encode/Decode/DecodeInto trio to accomplish 7. You can also register
// additional "codecs" which use a version of your choice. It's
// recommended that you register your types with runtime in your
// package's init function.
//
// As a bonus, a few common types useful from all api objects and versions
// are provided in types.go.
package runtime

7
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
_#encodable: _

23
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue Normal file
View File

@@ -0,0 +1,23 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// MultiObjectTyper returns the types of objects across multiple schemes in order.
#MultiObjectTyper: [...#ObjectTyper]
_#defaultFramer: {
}
// WithVersionEncoder serializes an object and ensures the GVK is set.
#WithVersionEncoder: {
Version: #GroupVersioner
Encoder: #Encoder
ObjectTyper: #ObjectTyper
}
// WithoutVersionDecoder clears the group version kind of a deserialized object.
#WithoutVersionDecoder: {
Decoder: #Decoder
}

165
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue Normal file
View File

@@ -0,0 +1,165 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// APIVersionInternal may be used if you are registering a type that should not
// be considered stable or serialized - it is a convention only and has no
// special behavior in this package.
#APIVersionInternal: "__internal"
// GroupVersioner refines a set of possible conversion targets into a single option.
#GroupVersioner: _
// Identifier represents an identifier.
// Identitier of two different objects should be equal if and only if for every
// input the output they produce is exactly the same.
#Identifier: string // #enumIdentifier
#enumIdentifier:
_#noopEncoderIdentifier
// Encoder writes objects to a serialized form
#Encoder: _
// MemoryAllocator is responsible for allocating memory.
// By encapsulating memory allocation into its own interface, we can reuse the memory
// across many operations in places we know it can significantly improve the performance.
#MemoryAllocator: _
// EncoderWithAllocator serializes objects in a way that allows callers to manage any additional memory allocations.
#EncoderWithAllocator: _
// Decoder attempts to load an object from data.
#Decoder: _
// Serializer is the core interface for transforming objects into a serialized format and back.
// Implementations may choose to perform conversion of the object, but no assumptions should be made.
#Serializer: _
// Codec is a Serializer that deals with the details of versioning objects. It offers the same
// interface as Serializer, so this is a marker to consumers that care about the version of the objects
// they receive.
#Codec: #Serializer
// ParameterCodec defines methods for serializing and deserializing API objects to url.Values and
// performing any necessary conversion. Unlike the normal Codec, query parameters are not self describing
// and the desired version must be specified.
#ParameterCodec: _
// Framer is a factory for creating readers and writers that obey a particular framing pattern.
#Framer: _
// SerializerInfo contains information about a specific serialization format
#SerializerInfo: {
// MediaType is the value that represents this serializer over the wire.
MediaType: string
// MediaTypeType is the first part of the MediaType ("application" in "application/json").
MediaTypeType: string
// MediaTypeSubType is the second part of the MediaType ("json" in "application/json").
MediaTypeSubType: string
// EncodesAsText indicates this serializer can be encoded to UTF-8 safely.
EncodesAsText: bool
// Serializer is the individual object serializer for this media type.
Serializer: #Serializer
// PrettySerializer, if set, can serialize this object in a form biased towards
// readability.
PrettySerializer: #Serializer
// StrictSerializer, if set, deserializes this object strictly,
// erring on unknown fields.
StrictSerializer: #Serializer
// StreamSerializer, if set, describes the streaming serialization format
// for this media type.
StreamSerializer?: null | #StreamSerializerInfo @go(,*StreamSerializerInfo)
}
// StreamSerializerInfo contains information about a specific stream serialization format
#StreamSerializerInfo: {
// EncodesAsText indicates this serializer can be encoded to UTF-8 safely.
EncodesAsText: bool
// Serializer is the top level object serializer for this type when streaming
Serializer: #Serializer
// Framer is the factory for retrieving streams that separate objects on the wire
Framer: #Framer
}
// NegotiatedSerializer is an interface used for obtaining encoders, decoders, and serializers
// for multiple supported media types. This would commonly be accepted by a server component
// that performs HTTP content negotiation to accept multiple formats.
#NegotiatedSerializer: _
// ClientNegotiator handles turning an HTTP content type into the appropriate encoder.
// Use NewClientNegotiator or NewVersionedClientNegotiator to create this interface from
// a NegotiatedSerializer.
#ClientNegotiator: _
// StorageSerializer is an interface used for obtaining encoders, decoders, and serializers
// that can read and write data at rest. This would commonly be used by client tools that must
// read files, or server side storage interfaces that persist restful objects.
#StorageSerializer: _
// NestedObjectEncoder is an optional interface that objects may implement to be given
// an opportunity to encode any nested Objects / RawExtensions during serialization.
#NestedObjectEncoder: _
// NestedObjectDecoder is an optional interface that objects may implement to be given
// an opportunity to decode any nested Objects / RawExtensions during serialization.
// It is possible for DecodeNestedObjects to return a non-nil error but for the decoding
// to have succeeded in the case of strict decoding errors (e.g. unknown/duplicate fields).
// As such it is important for callers of DecodeNestedObjects to check to confirm whether
// an error is a runtime.StrictDecodingError before short circuiting.
// Similarly, implementations of DecodeNestedObjects should ensure that a runtime.StrictDecodingError
// is only returned when the rest of decoding has succeeded.
#NestedObjectDecoder: _
#ObjectDefaulter: _
#ObjectVersioner: _
// ObjectConvertor converts an object to a different version.
#ObjectConvertor: _
// ObjectTyper contains methods for extracting the APIVersion and Kind
// of objects.
#ObjectTyper: _
// ObjectCreater contains methods for instantiating an object by kind and version.
#ObjectCreater: _
// EquivalentResourceMapper provides information about resources that address the same underlying data as a specified resource
#EquivalentResourceMapper: _
// EquivalentResourceRegistry provides an EquivalentResourceMapper interface,
// and allows registering known resource[/subresource] -> kind
#EquivalentResourceRegistry: _
// ResourceVersioner provides methods for setting and retrieving
// the resource version from an API object.
#ResourceVersioner: _
// Namer provides methods for retrieving name and namespace of an API object.
#Namer: _
// Object interface must be supported by all API types registered with Scheme. Since objects in a scheme are
// expected to be serialized to the wire, the interface an Object must provide to the Scheme allows
// serializers to set the kind, version, and group the object is represented as. An Object may choose
// to return a no-op ObjectKindAccessor in cases where it is not expected to be serialized.
#Object: _
// CacheableObject allows an object to cache its different serializations
// to avoid performing the same serialization multiple times.
#CacheableObject: _
// Unstructured objects store values as map[string]interface{}, with only values that can be serialized
// to JSON allowed.
#Unstructured: _

12
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue Normal file
View File

@@ -0,0 +1,12 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// NegotiateError is returned when a ClientNegotiator is unable to locate
// a serializer for the requested operation.
#NegotiateError: {
ContentType: string
Stream: bool
}

12
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue Normal file
View File

@@ -0,0 +1,12 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// Splice is the interface that wraps the Splice method.
//
// Splice moves data from given slice without copying the underlying data for
// efficiency purpose. Therefore, the caller should make sure the underlying
// data is not changed later.
#Splice: _

14
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue Normal file
View File

@@ -0,0 +1,14 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// Pair of strings. We keed the name of fields and the doc
#Pair: {
Name: string
Doc: string
}
// KubeTypes is an array to represent all available types in a parsed file. [0] is for the type itself
#KubeTypes: [...#Pair]

97
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue Normal file
View File

@@ -0,0 +1,97 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type,
// like this:
//
// type MyAwesomeAPIObject struct {
// runtime.TypeMeta `json:",inline"`
// ... // other fields
// }
//
// func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind
//
// TypeMeta is provided here for convenience. You may use it directly from this package or define
// your own with the same fields.
//
// +k8s:deepcopy-gen=false
// +protobuf=true
// +k8s:openapi-gen=true
#TypeMeta: {
// +optional
apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt)
// +optional
kind?: string @go(Kind) @protobuf(2,bytes,opt)
}
#ContentTypeJSON: "application/json"
#ContentTypeYAML: "application/yaml"
#ContentTypeProtobuf: "application/vnd.kubernetes.protobuf"
// RawExtension is used to hold extensions in external versions.
//
// To use this, make a field which has RawExtension as its type in your external, versioned
// struct, and Object in your internal struct. You also need to register your
// various plugin types.
//
// // Internal package:
//
// type MyAPIObject struct {
// runtime.TypeMeta `json:",inline"`
// MyPlugin runtime.Object `json:"myPlugin"`
// }
//
// type PluginA struct {
// AOption string `json:"aOption"`
// }
//
// // External package:
//
// type MyAPIObject struct {
// runtime.TypeMeta `json:",inline"`
// MyPlugin runtime.RawExtension `json:"myPlugin"`
// }
//
// type PluginA struct {
// AOption string `json:"aOption"`
// }
//
// // On the wire, the JSON will look something like this:
//
// {
// "kind":"MyAPIObject",
// "apiVersion":"v1",
// "myPlugin": {
// "kind":"PluginA",
// "aOption":"foo",
// },
// }
//
// So what happens? Decode first uses json or yaml to unmarshal the serialized data into
// your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked.
// The next step is to copy (using pkg/conversion) into the internal struct. The runtime
// package's DefaultScheme has conversion functions installed which will unpack the
// JSON stored in RawExtension, turning it into the correct object type, and storing it
// in the Object. (TODO: In the case where the object is of an unknown type, a
// runtime.Unknown object will be created and stored.)
//
// +k8s:deepcopy-gen=true
// +protobuf=true
// +k8s:openapi-gen=true
#RawExtension: _
// Unknown allows api objects with unknown types to be passed-through. This can be used
// to deal with the API objects from a plug-in. Unknown objects still have functioning
// TypeMeta features-- kind, version, etc.
// TODO: Make this object have easy access to field based accessors and settors for
// metadata and field mutatation.
//
// +k8s:deepcopy-gen=true
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +protobuf=true
// +k8s:openapi-gen=true
#Unknown: _

9
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue Normal file
View File

@@ -0,0 +1,9 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
#ProtobufMarshaller: _
#ProtobufReverseMarshaller: _

6
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue Normal file
View File

@@ -0,0 +1,6 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/types
// Package types implements various generic types used throughout kubernetes.
package types

12
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue Normal file
View File

@@ -0,0 +1,12 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/types
package types
#NamespacedName: {
Namespace: string
Name: string
}
#Separator: 47 // '/'

31
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue Normal file
View File

@@ -0,0 +1,31 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/types
package types
// NodeName is a type that holds a api.Node's Name identifier.
// Being a type captures intent and helps make sure that the node name
// is not confused with similar concepts (the hostname, the cloud provider id,
// the cloud provider name etc)
//
// To clarify the various types:
//
// - Node.Name is the Name field of the Node in the API. This should be stored in a NodeName.
// Unfortunately, because Name is part of ObjectMeta, we can't store it as a NodeName at the API level.
//
// - Hostname is the hostname of the local machine (from uname -n).
// However, some components allow the user to pass in a --hostname-override flag,
// which will override this in most places. In the absence of anything more meaningful,
// kubelet will use Hostname as the Node.Name when it creates the Node.
//
// * The cloudproviders have the own names: GCE has InstanceName, AWS has InstanceId.
//
// For GCE, InstanceName is the Name of an Instance object in the GCE API. On GCE, Instance.Name becomes the
// Hostname, and thus it makes sense also to use it as the Node.Name. But that is GCE specific, and it is up
// to the cloudprovider how to do this mapping.
//
// For AWS, the InstanceID is not yet suitable for use as a Node.Name, so we actually use the
// PrivateDnsName for the Node.Name. And this is _not_ always the same as the hostname: if
// we are using a custom DHCP domain it won't be.
#NodeName: string

21
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue Normal file
View File

@@ -0,0 +1,21 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/types
package types
// Similarly to above, these are constants to support HTTP PATCH utilized by
// both the client and server that didn't make sense for a whole package to be
// dedicated to.
#PatchType: string // #enumPatchType
#enumPatchType:
#JSONPatchType |
#MergePatchType |
#StrategicMergePatchType |
#ApplyPatchType
#JSONPatchType: #PatchType & "application/json-patch+json"
#MergePatchType: #PatchType & "application/merge-patch+json"
#StrategicMergePatchType: #PatchType & "application/strategic-merge-patch+json"
#ApplyPatchType: #PatchType & "application/apply-patch+yaml"

10
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue Normal file
View File

@@ -0,0 +1,10 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/types
package types
// UID is a type that holds unique ID values, including UUIDs. Because we
// don't ONLY use UUIDs, this is an alias to string. Being a type captures
// intent and helps make sure that UIDs and names do not get conflated.
#UID: string

31
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue Normal file
View File

@@ -0,0 +1,31 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/util/intstr
package intstr
// IntOrString is a type that can hold an int32 or a string. When used in
// JSON or YAML marshalling and unmarshalling, it produces or consumes the
// inner type. This allows you to have, for example, a JSON field that can
// accept a name or number.
// TODO: Rename to Int32OrString
//
// +protobuf=true
// +protobuf.options.(gogoproto.goproto_stringer)=false
// +k8s:openapi-gen=true
#IntOrString: _
// Type represents the stored type of IntOrString.
#Type: int64 // #enumType
#enumType:
#Int |
#String
#values_Type: {
Int: #Int
String: #String
}
#Int: #Type & 0
#String: #Type & 1

7
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue Normal file
View File

@@ -0,0 +1,7 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/watch
// Package watch contains a generic watchable interface, and a fake for
// testing code that uses the watch interface.
package watch

10
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue Normal file
View File

@@ -0,0 +1,10 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/watch
package watch
// Recorder records all events that are sent from the watch until it is closed.
#Recorder: {
Interface: #Interface
}

25
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue Normal file
View File

@@ -0,0 +1,25 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/watch
package watch
// FullChannelBehavior controls how the Broadcaster reacts if a watcher's watch
// channel is full.
#FullChannelBehavior: int // #enumFullChannelBehavior
#enumFullChannelBehavior:
#WaitIfChannelFull |
#DropIfChannelFull
#values_FullChannelBehavior: {
WaitIfChannelFull: #WaitIfChannelFull
DropIfChannelFull: #DropIfChannelFull
}
#WaitIfChannelFull: #FullChannelBehavior & 0
#DropIfChannelFull: #FullChannelBehavior & 1
_#incomingQueueLength: 25
_#internalRunFunctionMarker: "internal-do-function"

12
timoni/podinfo/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue Normal file
View File

@@ -0,0 +1,12 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/watch
package watch
// Decoder allows StreamWatcher to watch any stream for which a Decoder can be written.
#Decoder: _
// Reporter hides the details of how an error is turned into a runtime.Object for
// reporting on a watch stream since this package may not import a higher level report.
#Reporter: _

Some files were not shown because too many files have changed in this diff Show More