diff --git a/content/master/_index.md b/content/master/_index.md index 3a810af2..465c3f85 100644 --- a/content/master/_index.md +++ b/content/master/_index.md @@ -1,51 +1,39 @@ --- -title: "Overview" +title: "Welcome" weight: -1 cascade: version: "master" --- -{{< img src="/media/banner.png" alt="Crossplane Popsicle Truck" size="large" >}} +Welcome to the Crossplane documentation. Crossplane is a control plane framework +for platform engineering. -
+# Using the documentation -Crossplane is an open source Kubernetes extension that transforms your Kubernetes -cluster into a **universal control plane**. +Crossplane organizes its documentation into the following sections: -Crossplane lets you manage anything, anywhere, all through standard Kubernetes -APIs. Crossplane can even let you -[order a pizza](https://blog.crossplane.io/providers-101-ordering-pizza-with-kubernetes-and-crossplane/) -directly from Kubernetes. If it has an API, Crossplane can connect to it. +* [What's Crossplane?]({{}}) introduces Crossplane + and explains why you should use it. -With Crossplane, platform teams can create new abstractions and custom -APIs with the full power of Kubernetes policies, namespaces, role based access -controls and more. Crossplane brings all your non-Kubernetes resources under -one roof. +* [What's New in v2?]({{}}) highlights what's changed in + Crossplane v2. -Custom APIs, created by platform teams, allow security and compliance -enforcement across resources or clouds, without exposing any complexity to the -developers. A single API call can create multiple resources, in multiple clouds -and use Kubernetes as the control plane for everything. +* [Get Started]({{}}) explains how to install Crossplane and + create a control plane. -{{< hint "tip" >}} -**What's a control plane?** - -Control planes create and manage the lifecycle of resources. Control planes -constantly _check_ that the intended resources exist, _report_ when the intended -state doesn't match reality and _act_ to make things right. +* [Composition]({{}}) covers the key concepts of composition. -Crossplane extends the Kubernetes control plane to be a **universal control -plane** to check, report and act on any resource, anywhere. - -{{< /hint >}} +* [Managed Resources]({{}}) covers the key concepts of + managed resources. +* [Packages]({{}}) covers the key concepts of the Crossplane + package manager. -# Get started -* [Install Crossplane]({{}}) in your Kubernetes cluster -* Learn more about how Crossplane works in the -[Crossplane introduction]({{}}) -* Join the [Crossplane Slack](https://slack.crossplane.io/) and start a -conversation with a community of over 7,000 operators. +* [Guides]({{}}) guide you through common use cases, like + monitoring Crossplane or extending it by writing a composition function. +* [CLI Reference]({{}}) documents the `crossplane` command-line + interface that you can use to configure a Crossplane control plane. -Crossplane is a [Cloud Native Compute Foundation](https://www.cncf.io/) project. +* [API Reference]({{}}) documents the APIs that you can use to + configure a Crossplane control plane. diff --git a/content/master/api/_index.md b/content/master/api/_index.md index 6075e613..685d4dac 100644 --- a/content/master/api/_index.md +++ b/content/master/api/_index.md @@ -8,6 +8,3 @@ cascade: The Crossplane API describes the types and parameters for the core Crossplane components. - -For details on the components read the [Concepts]({{}}) -section. \ No newline at end of file diff --git a/content/master/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml b/content/master/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml index d5ee8997..86fdd2ae 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_compositeresourcedefinitions.yaml @@ -116,6 +116,10 @@ spec: x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf + - message: Plural name must be lowercase + rule: self.plural == self.plural.lowerAscii() + - message: Singular name must be lowercase + rule: '!has(self.singular) || self.singular == self.singular.lowerAscii()' connectionSecretKeys: description: |- ConnectionSecretKeys is the list of keys that will be exposed to the end @@ -228,6 +232,10 @@ spec: required: - strategy type: object + x-kubernetes-validations: + - message: Webhook configuration is required when conversion strategy + is Webhook + rule: self.strategy == 'Webhook' && has(self.webhook) defaultCompositeDeletePolicy: default: Background description: |- @@ -355,6 +363,26 @@ spec: x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf + - message: Plural name must be lowercase + rule: self.plural == self.plural.lowerAscii() + - message: Singular name must be lowercase + rule: '!has(self.singular) || self.singular == self.singular.lowerAscii()' + scope: + default: LegacyCluster + description: |- + Scope of the defined composite resource. Namespaced composite resources + are scoped to a single namespace. Cluster scoped composite resource exist + outside the scope of any namespace. Neither can be claimed. Legacy + cluster scoped composite resources are cluster scoped resources that can + be claimed. + enum: + - LegacyCluster + - Namespaced + - Cluster + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf versions: description: |- Versions is the list of all API versions of the defined composite @@ -474,6 +502,9 @@ spec: - names - versions type: object + x-kubernetes-validations: + - message: Only LegacyCluster composite resources can offer claims + rule: self.scope == 'LegacyCluster' || !has(self.claimNames) status: description: CompositeResourceDefinitionStatus shows the observed state of the definition. @@ -569,6 +600,581 @@ spec: type: object type: object served: true + # v1 is actually the storage version, its set to false only here in the docs so v2alpha1 will be displayed + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Established')].status + name: ESTABLISHED + type: string + - jsonPath: .status.conditions[?(@.type=='Offered')].status + name: OFFERED + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v2alpha1 + schema: + openAPIV3Schema: + description: |- + A CompositeResourceDefinition defines the schema for a new custom Kubernetes + API. + + Read the Crossplane documentation for + [more information about CustomResourceDefinitions](https://docs.crossplane.io/latest/concepts/composite-resource-definitions). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CompositeResourceDefinitionSpec specifies the desired state + of the definition. + properties: + claimNames: + description: |- + ClaimNames specifies the names of an optional composite resource claim. + When claim names are specified Crossplane will create a namespaced + 'composite resource claim' CRD that corresponds to the defined composite + resource. This composite resource claim acts as a namespaced proxy for + the composite resource; creating, updating, or deleting the claim will + create, update, or delete a corresponding composite resource. You may add + claim names to an existing CompositeResourceDefinition, but they cannot + be changed or removed once they have been set. + + Deprecated: Claims aren't supported in apiextensions.crossplane.io/v2. + properties: + categories: + description: |- + categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). + This is published in API discovery documents, and used by clients to support invocations like + `kubectl get all`. + items: + type: string + type: array + x-kubernetes-list-type: atomic + kind: + description: |- + kind is the serialized kind of the resource. It is normally CamelCase and singular. + Custom resource instances will use this value as the `kind` attribute in API calls. + type: string + listKind: + description: listKind is the serialized kind of the list for this + resource. Defaults to "`kind`List". + type: string + plural: + description: |- + plural is the plural name of the resource to serve. + The custom resources are served under `/apis///.../`. + Must match the name of the CustomResourceDefinition (in the form `.`). + Must be all lowercase. + type: string + shortNames: + description: |- + shortNames are short names for the resource, exposed in API discovery documents, + and used by clients to support invocations like `kubectl get `. + It must be all lowercase. + items: + type: string + type: array + x-kubernetes-list-type: atomic + singular: + description: singular is the singular name of the resource. It + must be all lowercase. Defaults to lowercased `kind`. + type: string + required: + - kind + - plural + type: object + connectionSecretKeys: + description: |- + ConnectionSecretKeys is the list of keys that will be exposed to the end + user of the defined kind. + If the list is empty, all keys will be published. + items: + type: string + type: array + conversion: + description: Conversion defines all conversion settings for the defined + Composite resource. + properties: + strategy: + description: |- + strategy specifies how custom resources are converted between versions. Allowed values are: + - `"None"`: The converter only change the apiVersion and would not touch any other field in the custom resource. + - `"Webhook"`: API Server will call to an external webhook to do the conversion. Additional information + is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set. + type: string + webhook: + description: webhook describes how to call the conversion webhook. + Required when `strategy` is set to `"Webhook"`. + properties: + clientConfig: + description: clientConfig is the instructions for how to call + the webhook if strategy is `Webhook`. + properties: + caBundle: + description: |- + caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. + If unspecified, system trust roots on the apiserver are used. + format: byte + type: string + service: + description: |- + service is a reference to the service for this webhook. Either + service or url must be specified. + + If the webhook is running within the cluster, then you should use `service`. + properties: + name: + description: |- + name is the name of the service. + Required + type: string + namespace: + description: |- + namespace is the namespace of the service. + Required + type: string + path: + description: path is an optional URL path at which + the webhook will be contacted. + type: string + port: + description: |- + port is an optional service port at which the webhook will be contacted. + `port` should be a valid port number (1-65535, inclusive). + Defaults to 443 for backward compatibility. + format: int32 + type: integer + required: + - name + - namespace + type: object + url: + description: |- + url gives the location of the webhook, in standard URL form + (`scheme://host:port/path`). Exactly one of `url` or `service` + must be specified. + + The `host` should not refer to a service running in the cluster; use + the `service` field instead. The host might be resolved via external + DNS in some apiservers (e.g., `kube-apiserver` cannot resolve + in-cluster DNS as that would be a layering violation). `host` may + also be an IP address. + + Please note that using `localhost` or `127.0.0.1` as a `host` is + risky unless you take great care to run this webhook on all hosts + which run an apiserver which might need to make calls to this + webhook. Such installs are likely to be non-portable, i.e., not easy + to turn up in a new cluster. + + The scheme must be "https"; the URL must begin with "https://". + + A path is optional, and if present may be any string permissible in + a URL. You may use the path to pass an arbitrary string to the + webhook, for example, a cluster identifier. + + Attempting to use a user or basic auth e.g. "user:password@" is not + allowed. Fragments ("#...") and query parameters ("?...") are not + allowed, either. + type: string + type: object + conversionReviewVersions: + description: |- + conversionReviewVersions is an ordered list of preferred `ConversionReview` + versions the Webhook expects. The API server will use the first version in + the list which it supports. If none of the versions specified in this list + are supported by API server, conversion will fail for the custom resource. + If a persisted Webhook configuration specifies allowed versions and does not + include any versions known to the API Server, calls to the webhook will fail. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - conversionReviewVersions + type: object + required: + - strategy + type: object + defaultCompositeDeletePolicy: + description: |- + DefaultCompositeDeletePolicy is the policy used when deleting the Composite + that is associated with the Claim if no policy has been specified. + + Deprecated: Claims aren't supported in apiextensions.crossplane.io/v2. + enum: + - Background + - Foreground + type: string + defaultCompositionRef: + description: |- + DefaultCompositionRef refers to the Composition resource that will be used + in case no composition selector is given. + properties: + name: + description: Name of the Composition. + type: string + required: + - name + type: object + defaultCompositionUpdatePolicy: + default: Automatic + description: |- + DefaultCompositionUpdatePolicy is the policy used when updating composites after a new + Composition Revision has been created if no policy has been specified on the composite. + enum: + - Automatic + - Manual + type: string + enforcedCompositionRef: + description: |- + EnforcedCompositionRef refers to the Composition resource that will be used + by all composite instances whose schema is defined by this definition. + properties: + name: + description: Name of the Composition. + type: string + required: + - name + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + group: + description: |- + Group specifies the API group of the defined composite resource. + Composite resources are served under `/apis//...`. Must match the + name of the XRD (in the form `.`). + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + metadata: + description: Metadata specifies the desired metadata for the defined + composite resource and claim CRD's. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + and services. + These labels are added to the composite resource and claim CRD's in addition + to any labels defined by `CompositionResourceDefinition` `metadata.labels`. + type: object + type: object + names: + description: |- + Names specifies the resource and kind names of the defined composite + resource. + properties: + categories: + description: |- + categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). + This is published in API discovery documents, and used by clients to support invocations like + `kubectl get all`. + items: + type: string + type: array + x-kubernetes-list-type: atomic + kind: + description: |- + kind is the serialized kind of the resource. It is normally CamelCase and singular. + Custom resource instances will use this value as the `kind` attribute in API calls. + type: string + listKind: + description: listKind is the serialized kind of the list for this + resource. Defaults to "`kind`List". + type: string + plural: + description: |- + plural is the plural name of the resource to serve. + The custom resources are served under `/apis///.../`. + Must match the name of the CustomResourceDefinition (in the form `.`). + Must be all lowercase. + type: string + shortNames: + description: |- + shortNames are short names for the resource, exposed in API discovery documents, + and used by clients to support invocations like `kubectl get `. + It must be all lowercase. + items: + type: string + type: array + x-kubernetes-list-type: atomic + singular: + description: singular is the singular name of the resource. It + must be all lowercase. Defaults to lowercased `kind`. + type: string + required: + - kind + - plural + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + - message: Plural name must be lowercase + rule: self.plural == self.plural.lowerAscii() + - message: Singular name must be lowercase + rule: '!has(self.singular) || self.singular == self.singular.lowerAscii()' + scope: + default: Namespaced + description: |- + Scope of the defined composite resource. Namespaced composite resources + are scoped to a single namespace. Cluster scoped composite resource exist + outside the scope of any namespace. + enum: + - Namespaced + - Cluster + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + versions: + description: |- + Versions is the list of all API versions of the defined composite + resource. Version names are used to compute the order in which served + versions are listed in API discovery. If the version string is + "kube-like", it will sort above non "kube-like" version strings, which + are ordered lexicographically. "Kube-like" versions start with a "v", + then are followed by a number (the major version), then optionally the + string "alpha" or "beta" and another number (the minor version). These + are sorted first by GA > beta > alpha (where GA is a version with no + suffix such as beta or alpha), and then by comparing major version, then + minor version. An example sorted list of versions: v10, v2, v1, v11beta2, + v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10. + items: + description: CompositeResourceDefinitionVersion describes a version + of an XR. + properties: + additionalPrinterColumns: + description: |- + AdditionalPrinterColumns specifies additional columns returned in Table + output. If no columns are specified, a single column displaying the age + of the custom resource is used. See the following link for details: + https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables + items: + description: CustomResourceColumnDefinition specifies a column + for server side printing. + properties: + description: + description: description is a human readable description + of this column. + type: string + format: + description: |- + format is an optional OpenAPI type definition for this column. The 'name' format is applied + to the primary identifier column to assist in clients identifying column is the resource name. + See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. + type: string + jsonPath: + description: |- + jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against + each custom resource to produce the value for this column. + type: string + name: + description: name is a human readable name for the column. + type: string + priority: + description: |- + priority is an integer defining the relative importance of this column compared to others. Lower + numbers are considered higher priority. Columns that may be omitted in limited space scenarios + should be given a priority greater than 0. + format: int32 + type: integer + type: + description: |- + type is an OpenAPI type definition for this column. + See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. + type: string + required: + - jsonPath + - name + - type + type: object + type: array + deprecated: + description: |- + The deprecated field specifies that this version is deprecated and should + not be used. + type: boolean + deprecationWarning: + description: |- + DeprecationWarning specifies the message that should be shown to the user + when using this version. + maxLength: 256 + type: string + name: + description: |- + Name of this version, e.g. “v1”, “v2beta1”, etc. Composite resources are + served under this version at `/apis///...` if `served` is + true. + type: string + referenceable: + description: |- + Referenceable specifies that this version may be referenced by a + Composition in order to configure which resources an XR may be composed + of. Exactly one version must be marked as referenceable; all Compositions + must target only the referenceable version. The referenceable version + must be served. It's mapped to the CRD's `spec.versions[*].storage` field. + type: boolean + schema: + description: |- + Schema describes the schema used for validation, pruning, and defaulting + of this version of the defined composite resource. Fields required by all + composite resources will be injected into this schema automatically, and + will override equivalently named fields in this schema. Omitting this + schema results in a schema that contains only the fields required by all + composite resources. + properties: + openAPIV3Schema: + description: |- + OpenAPIV3Schema is the OpenAPI v3 schema to use for validation and + pruning. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: + description: Served specifies that this version should be served + via REST APIs. + type: boolean + required: + - name + - referenceable + - served + type: object + type: array + required: + - group + - names + - versions + type: object + x-kubernetes-validations: + - message: Claims aren't supported in apiextensions.crossplane.io/v2 + rule: '!has(self.claimNames)' + status: + description: CompositeResourceDefinitionStatus shows the observed state + of the definition. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controllers: + description: |- + Controllers represents the status of the controllers that power this + composite resource definition. + properties: + compositeResourceClaimType: + description: |- + The CompositeResourceClaimTypeRef is the type of composite resource claim + that Crossplane is currently reconciling for this definition. Its version + will eventually become consistent with the definition's referenceable + version. Note that clients may interact with any served type; this is + simply the type that Crossplane interacts with. + properties: + apiVersion: + description: APIVersion of the type. + type: string + kind: + description: Kind of the type. + type: string + required: + - apiVersion + - kind + type: object + compositeResourceType: + description: |- + The CompositeResourceTypeRef is the type of composite resource that + Crossplane is currently reconciling for this definition. Its version will + eventually become consistent with the definition's referenceable version. + Note that clients may interact with any served type; this is simply the + type that Crossplane interacts with. + properties: + apiVersion: + description: APIVersion of the type. + type: string + kind: + description: Kind of the type. + type: string + required: + - apiVersion + - kind + type: object + type: object + type: object + type: object + served: true + # v2alpha1 is not actually the storage version, but its set to true here in the docs so v2alpha1 will be displayed storage: true subresources: status: {} diff --git a/content/master/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml b/content/master/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml index 72c81b26..1cf42a2d 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_compositionrevisions.yaml @@ -82,395 +82,16 @@ spec: - message: Value is immutable rule: self == oldSelf mode: - default: Resources + default: Pipeline description: |- Mode controls what type or "mode" of Composition will be used. "Pipeline" indicates that a Composition specifies a pipeline of Composition Functions, each of which is responsible for producing composed resources that Crossplane should create or update. - - "Resources" indicates that a Composition uses what is commonly referred - to as "Patch & Transform" or P&T composition. This mode of Composition - uses an array of resources, each a template for a composed resource. - - All Compositions should use Pipeline mode. Resources mode is deprecated. - Resources mode won't be removed in Crossplane 1.x, and will remain the - default to avoid breaking legacy Compositions. However, it's no longer - accepting new features, and only accepting security related bug fixes. enum: - - Resources - Pipeline type: string - patchSets: - description: |- - PatchSets define a named set of patches that may be included by any - resource in this Composition. PatchSets cannot themselves refer to other - PatchSets. - - PatchSets are only used by the "Resources" mode of Composition. They - are ignored by other modes. - - Deprecated: Use Composition Functions instead. - items: - description: |- - A PatchSet is a set of patches that can be reused from all resources within - a Composition. - properties: - name: - description: Name of this PatchSet. - type: string - patches: - description: Patches will be applied as an overlay to the base - resource. - items: - description: |- - Patch objects are applied between composite and composed resources. Their - behaviour depends on the Type selected. The default Type, - FromCompositeFieldPath, copies a value from the composite resource to - the composed resource, applying any defined transformers. - properties: - combine: - description: |- - Combine is the patch configuration for a CombineFromComposite or - CombineToComposite patch. - properties: - strategy: - description: |- - Strategy defines the strategy to use to combine the input variable values. - Currently only string is supported. - enum: - - string - type: string - string: - description: |- - String declares that input variables should be combined into a single - string, using the relevant settings for formatting purposes. - properties: - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - required: - - fmt - type: object - variables: - description: |- - Variables are the list of variables whose values will be retrieved and - combined. - items: - description: |- - A CombineVariable defines the source of a value that is combined with - others to form and patch an output value. Currently, this only supports - retrieving values from a field path. - properties: - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the source whose value is - to be used as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the resource whose value is - to be used as input. Required when type is FromCompositeFieldPath or - ToCompositeFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: |- - FromFieldPath specifies how to patch from a field path. The default is - 'Optional', which means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if the patch should fail if - the specified path does not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path. - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: |- - ToFieldPath is the path of the field on the resource whose value will - be changed with the result of transforms. Leave empty if you'd like to - propagate to the same path as fromFieldPath. - type: string - transforms: - description: |- - Transforms are the list of functions that are used as a FIFO pipe for the - input to be transformed. - items: - description: |- - Transform is a unit of process whose input is transformed into an output with - the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: |- - The expected input format. - - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string -> list` conversions. - - If this property is null, the default conversion is applied. - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: |- - The fallback value that should be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: |- - The patterns that should be tested against the input string. - Patterns are tested in order. The value of the first match is used as - result of this transform. - items: - description: |- - MatchTransformPattern is a transform that returns the value that matches a - pattern. - properties: - literal: - description: |- - Literal exactly matches the input string (case sensitive). - Is required if `type` is `literal`. - type: string - regexp: - description: |- - Regexp to match against the input string. - Is required if `type` is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: |- - Type specifies how the pattern matches the input. - - * `literal` - the pattern value has to exactly match (case sensitive) the - input string. This is the default. - - * `regexp` - the pattern treated as a regular expression against - which the input string is tested. Crossplane will throw an error if the - key is not a valid regexp. - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: |- - Math is used to transform the input via mathematical operations such as - multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: |- - String is used to transform the input into a string or a different kind - of string. Note that the input does not necessarily need to be a string. - properties: - convert: - description: |- - Optional conversion method to be specified. - `ToUpper` and `ToLower` change the letter case of the input string. - `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. - `ToJson` converts any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input - converted to JSON. - `ToAdler32` generate a addler32 hash based on the input string. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - - ToAdler32 - type: string - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - join: - description: Join defines parameters to join - a slice of values to a string. - properties: - separator: - description: |- - Separator defines the character that should separate the values from each - other in the joined string. - type: string - required: - - separator - type: object - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: |- - Match string. May optionally include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - - Join - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: |- - Type sets the patching behaviour to be used. Each patch type may require - its own fields to be set on the Patch object. - enum: - - FromCompositeFieldPath - - PatchSet - - ToCompositeFieldPath - - CombineFromComposite - - CombineToComposite - type: string - type: object - type: array - required: - - name - - patches - type: object - type: array pipeline: description: |- Pipeline is a list of composition function steps that will be used when a @@ -518,6 +139,9 @@ spec: - name - source type: object + x-kubernetes-validations: + - message: the Secret source requires a secretRef + rule: self.source == 'Secret' && has(self.secretRef) type: array x-kubernetes-list-map-keys: - name @@ -552,514 +176,6 @@ spec: x-kubernetes-list-map-keys: - step x-kubernetes-list-type: map - publishConnectionDetailsWithStoreConfigRef: - default: - name: default - description: |- - PublishConnectionDetailsWithStoreConfig specifies the secret store config - with which the connection details of composite resources dynamically - provisioned using this composition will be published. - - THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored - unless the relevant Crossplane feature flag is enabled, and may be - changed or removed without notice. - properties: - name: - description: Name of the referenced StoreConfig. - type: string - required: - - name - type: object - resources: - description: |- - Resources is a list of resource templates that will be used when a - composite resource referring to this composition is created. - - Resources are only used by the "Resources" mode of Composition. They are - ignored by other modes. - - Deprecated: Use Composition Functions instead. - items: - description: |- - ComposedTemplate is used to provide information about how the composed resource - should be processed. - properties: - base: - description: Base is the target resource that the patches will - be applied on. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - connectionDetails: - description: |- - ConnectionDetails lists the propagation secret keys from this target - resource to the composition instance connection secret. - items: - description: |- - ConnectionDetail includes the information about the propagation of the connection - information from one secret to another. - properties: - fromConnectionSecretKey: - description: |- - FromConnectionSecretKey is the key that will be used to fetch the value - from the composed resource's connection secret. - type: string - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the composed resource whose - value to be used as input. Name must be specified if the type is - FromFieldPath. - type: string - name: - description: |- - Name of the connection secret key that will be propagated to the - connection secret of the composition instance. Leave empty if you'd like - to use the same key name. - type: string - type: - description: |- - Type sets the connection detail fetching behaviour to be used. Each - connection detail type may require its own fields to be set on the - ConnectionDetail object. If the type is omitted Crossplane will attempt - to infer it based on which other fields were specified. If multiple - fields are specified the order of precedence is: - 1. FromValue - 2. FromConnectionSecretKey - 3. FromFieldPath - enum: - - FromConnectionSecretKey - - FromFieldPath - - FromValue - type: string - value: - description: |- - Value that will be propagated to the connection secret of the composite - resource. May be set to inject a fixed, non-sensitive connection secret - value, for example a well-known port. - type: string - type: object - type: array - name: - description: |- - A Name uniquely identifies this entry within its Composition's resources - array. Names are optional but *strongly* recommended. When all entries in - the resources array are named entries may added, deleted, and reordered - as long as their names do not change. When entries are not named the - length and order of the resources array should be treated as immutable. - Either all or no entries must be named. - type: string - patches: - description: Patches will be applied as overlay to the base - resource. - items: - description: |- - Patch objects are applied between composite and composed resources. Their - behaviour depends on the Type selected. The default Type, - FromCompositeFieldPath, copies a value from the composite resource to - the composed resource, applying any defined transformers. - properties: - combine: - description: |- - Combine is the patch configuration for a CombineFromComposite or - CombineToComposite patch. - properties: - strategy: - description: |- - Strategy defines the strategy to use to combine the input variable values. - Currently only string is supported. - enum: - - string - type: string - string: - description: |- - String declares that input variables should be combined into a single - string, using the relevant settings for formatting purposes. - properties: - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - required: - - fmt - type: object - variables: - description: |- - Variables are the list of variables whose values will be retrieved and - combined. - items: - description: |- - A CombineVariable defines the source of a value that is combined with - others to form and patch an output value. Currently, this only supports - retrieving values from a field path. - properties: - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the source whose value is - to be used as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the resource whose value is - to be used as input. Required when type is FromCompositeFieldPath or - ToCompositeFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: |- - FromFieldPath specifies how to patch from a field path. The default is - 'Optional', which means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if the patch should fail if - the specified path does not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path. - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: |- - ToFieldPath is the path of the field on the resource whose value will - be changed with the result of transforms. Leave empty if you'd like to - propagate to the same path as fromFieldPath. - type: string - transforms: - description: |- - Transforms are the list of functions that are used as a FIFO pipe for the - input to be transformed. - items: - description: |- - Transform is a unit of process whose input is transformed into an output with - the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: |- - The expected input format. - - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string -> list` conversions. - - If this property is null, the default conversion is applied. - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: |- - The fallback value that should be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: |- - The patterns that should be tested against the input string. - Patterns are tested in order. The value of the first match is used as - result of this transform. - items: - description: |- - MatchTransformPattern is a transform that returns the value that matches a - pattern. - properties: - literal: - description: |- - Literal exactly matches the input string (case sensitive). - Is required if `type` is `literal`. - type: string - regexp: - description: |- - Regexp to match against the input string. - Is required if `type` is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: |- - Type specifies how the pattern matches the input. - - * `literal` - the pattern value has to exactly match (case sensitive) the - input string. This is the default. - - * `regexp` - the pattern treated as a regular expression against - which the input string is tested. Crossplane will throw an error if the - key is not a valid regexp. - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: |- - Math is used to transform the input via mathematical operations such as - multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: |- - String is used to transform the input into a string or a different kind - of string. Note that the input does not necessarily need to be a string. - properties: - convert: - description: |- - Optional conversion method to be specified. - `ToUpper` and `ToLower` change the letter case of the input string. - `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. - `ToJson` converts any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input - converted to JSON. - `ToAdler32` generate a addler32 hash based on the input string. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - - ToAdler32 - type: string - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - join: - description: Join defines parameters to join - a slice of values to a string. - properties: - separator: - description: |- - Separator defines the character that should separate the values from each - other in the joined string. - type: string - required: - - separator - type: object - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: |- - Match string. May optionally include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - - Join - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: |- - Type sets the patching behaviour to be used. Each patch type may require - its own fields to be set on the Patch object. - enum: - - FromCompositeFieldPath - - PatchSet - - ToCompositeFieldPath - - CombineFromComposite - - CombineToComposite - type: string - type: object - type: array - readinessChecks: - default: - - matchCondition: - status: "True" - type: Ready - type: MatchCondition - description: |- - ReadinessChecks allows users to define custom readiness checks. All checks - have to return true in order for resource to be considered ready. The - default readiness check is to have the "Ready" condition to be "True". - items: - description: |- - ReadinessCheck is used to indicate how to tell whether a resource is ready - for consumption. - properties: - fieldPath: - description: FieldPath shows the path of the field whose - value will be used. - type: string - matchCondition: - description: MatchCondition specifies the condition you'd - like to match if you're using "MatchCondition" type. - properties: - status: - default: "True" - description: Status is the status of the condition - you'd like to match. - type: string - type: - default: Ready - description: Type indicates the type of condition - you'd like to use. - type: string - required: - - status - - type - type: object - matchInteger: - description: MatchInt is the value you'd like to match - if you're using "MatchInt" type. - format: int64 - type: integer - matchString: - description: MatchString is the value you'd like to match - if you're using "MatchString" type. - type: string - type: - description: Type indicates the type of probe you'd like - to use. - enum: - - MatchString - - MatchInteger - - NonEmpty - - MatchCondition - - MatchTrue - - MatchFalse - - None - type: string - required: - - type - type: object - type: array - required: - - base - type: object - type: array revision: description: |- Revision number. Newer revisions have larger numbers. @@ -1075,11 +191,6 @@ spec: WriteConnectionSecretsToNamespace specifies the namespace in which the connection secrets of composite resource dynamically provisioned using this composition will be created. - This field is planned to be replaced in a future release in favor of - PublishConnectionDetailsWithStoreConfigRef. Currently, both could be - set independently and connection details would be published to both - without affecting each other as long as related fields at MR level - specified. type: string required: - compositeTypeRef @@ -1142,1127 +253,3 @@ spec: storage: true subresources: status: {} - - additionalPrinterColumns: - - jsonPath: .spec.revision - name: REVISION - type: string - - jsonPath: .spec.compositeTypeRef.kind - name: XR-KIND - type: string - - jsonPath: .spec.compositeTypeRef.apiVersion - name: XR-APIVERSION - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - A CompositionRevision represents a revision of a Composition. Crossplane - creates new revisions when there are changes to the Composition. - - Crossplane creates and manages CompositionRevisions. Don't directly edit - CompositionRevisions. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - CompositionRevisionSpec specifies the desired state of the composition - revision. - properties: - compositeTypeRef: - description: |- - CompositeTypeRef specifies the type of composite resource that this - composition is compatible with. - properties: - apiVersion: - description: APIVersion of the type. - type: string - kind: - description: Kind of the type. - type: string - required: - - apiVersion - - kind - type: object - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - mode: - default: Resources - description: |- - Mode controls what type or "mode" of Composition will be used. - - "Pipeline" indicates that a Composition specifies a pipeline of - Composition Functions, each of which is responsible for producing - composed resources that Crossplane should create or update. - - "Resources" indicates that a Composition uses what is commonly referred - to as "Patch & Transform" or P&T composition. This mode of Composition - uses an array of resources, each a template for a composed resource. - - All Compositions should use Pipeline mode. Resources mode is deprecated. - Resources mode won't be removed in Crossplane 1.x, and will remain the - default to avoid breaking legacy Compositions. However, it's no longer - accepting new features, and only accepting security related bug fixes. - enum: - - Resources - - Pipeline - type: string - patchSets: - description: |- - PatchSets define a named set of patches that may be included by any - resource in this Composition. PatchSets cannot themselves refer to other - PatchSets. - - PatchSets are only used by the "Resources" mode of Composition. They - are ignored by other modes. - - Deprecated: Use Composition Functions instead. - items: - description: |- - A PatchSet is a set of patches that can be reused from all resources within - a Composition. - properties: - name: - description: Name of this PatchSet. - type: string - patches: - description: Patches will be applied as an overlay to the base - resource. - items: - description: |- - Patch objects are applied between composite and composed resources. Their - behaviour depends on the Type selected. The default Type, - FromCompositeFieldPath, copies a value from the composite resource to - the composed resource, applying any defined transformers. - properties: - combine: - description: |- - Combine is the patch configuration for a CombineFromComposite or - CombineToComposite patch. - properties: - strategy: - description: |- - Strategy defines the strategy to use to combine the input variable values. - Currently only string is supported. - enum: - - string - type: string - string: - description: |- - String declares that input variables should be combined into a single - string, using the relevant settings for formatting purposes. - properties: - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - required: - - fmt - type: object - variables: - description: |- - Variables are the list of variables whose values will be retrieved and - combined. - items: - description: |- - A CombineVariable defines the source of a value that is combined with - others to form and patch an output value. Currently, this only supports - retrieving values from a field path. - properties: - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the source whose value is - to be used as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the resource whose value is - to be used as input. Required when type is FromCompositeFieldPath or - ToCompositeFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: |- - FromFieldPath specifies how to patch from a field path. The default is - 'Optional', which means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if the patch should fail if - the specified path does not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path. - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: |- - ToFieldPath is the path of the field on the resource whose value will - be changed with the result of transforms. Leave empty if you'd like to - propagate to the same path as fromFieldPath. - type: string - transforms: - description: |- - Transforms are the list of functions that are used as a FIFO pipe for the - input to be transformed. - items: - description: |- - Transform is a unit of process whose input is transformed into an output with - the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: |- - The expected input format. - - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string -> list` conversions. - - If this property is null, the default conversion is applied. - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: |- - The fallback value that should be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: |- - The patterns that should be tested against the input string. - Patterns are tested in order. The value of the first match is used as - result of this transform. - items: - description: |- - MatchTransformPattern is a transform that returns the value that matches a - pattern. - properties: - literal: - description: |- - Literal exactly matches the input string (case sensitive). - Is required if `type` is `literal`. - type: string - regexp: - description: |- - Regexp to match against the input string. - Is required if `type` is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: |- - Type specifies how the pattern matches the input. - - * `literal` - the pattern value has to exactly match (case sensitive) the - input string. This is the default. - - * `regexp` - the pattern treated as a regular expression against - which the input string is tested. Crossplane will throw an error if the - key is not a valid regexp. - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: |- - Math is used to transform the input via mathematical operations such as - multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: |- - String is used to transform the input into a string or a different kind - of string. Note that the input does not necessarily need to be a string. - properties: - convert: - description: |- - Optional conversion method to be specified. - `ToUpper` and `ToLower` change the letter case of the input string. - `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. - `ToJson` converts any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input - converted to JSON. - `ToAdler32` generate a addler32 hash based on the input string. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - - ToAdler32 - type: string - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - join: - description: Join defines parameters to join - a slice of values to a string. - properties: - separator: - description: |- - Separator defines the character that should separate the values from each - other in the joined string. - type: string - required: - - separator - type: object - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: |- - Match string. May optionally include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - - Join - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: |- - Type sets the patching behaviour to be used. Each patch type may require - its own fields to be set on the Patch object. - enum: - - FromCompositeFieldPath - - PatchSet - - ToCompositeFieldPath - - CombineFromComposite - - CombineToComposite - type: string - type: object - type: array - required: - - name - - patches - type: object - type: array - pipeline: - description: |- - Pipeline is a list of composition function steps that will be used when a - composite resource referring to this composition is created. One of - resources and pipeline must be specified - you cannot specify both. - - The Pipeline is only used by the "Pipeline" mode of Composition. It is - ignored by other modes. - items: - description: A PipelineStep in a Composition Function pipeline. - properties: - credentials: - description: Credentials are optional credentials that the Composition - Function needs. - items: - description: |- - FunctionCredentials are optional credentials that a Composition Function - needs to run. - properties: - name: - description: Name of this set of credentials. - type: string - secretRef: - description: |- - A SecretRef is a reference to a secret containing credentials that should - be supplied to the function. - properties: - name: - description: Name of the secret. - type: string - namespace: - description: Namespace of the secret. - type: string - required: - - name - - namespace - type: object - source: - description: Source of the function credentials. - enum: - - None - - Secret - type: string - required: - - name - - source - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - functionRef: - description: |- - FunctionRef is a reference to the Composition Function this step should - execute. - properties: - name: - description: Name of the referenced Function. - type: string - required: - - name - type: object - input: - description: |- - Input is an optional, arbitrary Kubernetes resource (i.e. a resource - with an apiVersion and kind) that will be passed to the Composition - Function as the 'input' of its RunFunctionRequest. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - step: - description: Step name. Must be unique within its Pipeline. - type: string - required: - - functionRef - - step - type: object - type: array - x-kubernetes-list-map-keys: - - step - x-kubernetes-list-type: map - publishConnectionDetailsWithStoreConfigRef: - default: - name: default - description: |- - PublishConnectionDetailsWithStoreConfig specifies the secret store config - with which the connection details of composite resources dynamically - provisioned using this composition will be published. - - THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored - unless the relevant Crossplane feature flag is enabled, and may be - changed or removed without notice. - properties: - name: - description: Name of the referenced StoreConfig. - type: string - required: - - name - type: object - resources: - description: |- - Resources is a list of resource templates that will be used when a - composite resource referring to this composition is created. - - Resources are only used by the "Resources" mode of Composition. They are - ignored by other modes. - - Deprecated: Use Composition Functions instead. - items: - description: |- - ComposedTemplate is used to provide information about how the composed resource - should be processed. - properties: - base: - description: Base is the target resource that the patches will - be applied on. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - connectionDetails: - description: |- - ConnectionDetails lists the propagation secret keys from this target - resource to the composition instance connection secret. - items: - description: |- - ConnectionDetail includes the information about the propagation of the connection - information from one secret to another. - properties: - fromConnectionSecretKey: - description: |- - FromConnectionSecretKey is the key that will be used to fetch the value - from the composed resource's connection secret. - type: string - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the composed resource whose - value to be used as input. Name must be specified if the type is - FromFieldPath. - type: string - name: - description: |- - Name of the connection secret key that will be propagated to the - connection secret of the composition instance. Leave empty if you'd like - to use the same key name. - type: string - type: - description: |- - Type sets the connection detail fetching behaviour to be used. Each - connection detail type may require its own fields to be set on the - ConnectionDetail object. If the type is omitted Crossplane will attempt - to infer it based on which other fields were specified. If multiple - fields are specified the order of precedence is: - 1. FromValue - 2. FromConnectionSecretKey - 3. FromFieldPath - enum: - - FromConnectionSecretKey - - FromFieldPath - - FromValue - type: string - value: - description: |- - Value that will be propagated to the connection secret of the composite - resource. May be set to inject a fixed, non-sensitive connection secret - value, for example a well-known port. - type: string - type: object - type: array - name: - description: |- - A Name uniquely identifies this entry within its Composition's resources - array. Names are optional but *strongly* recommended. When all entries in - the resources array are named entries may added, deleted, and reordered - as long as their names do not change. When entries are not named the - length and order of the resources array should be treated as immutable. - Either all or no entries must be named. - type: string - patches: - description: Patches will be applied as overlay to the base - resource. - items: - description: |- - Patch objects are applied between composite and composed resources. Their - behaviour depends on the Type selected. The default Type, - FromCompositeFieldPath, copies a value from the composite resource to - the composed resource, applying any defined transformers. - properties: - combine: - description: |- - Combine is the patch configuration for a CombineFromComposite or - CombineToComposite patch. - properties: - strategy: - description: |- - Strategy defines the strategy to use to combine the input variable values. - Currently only string is supported. - enum: - - string - type: string - string: - description: |- - String declares that input variables should be combined into a single - string, using the relevant settings for formatting purposes. - properties: - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - required: - - fmt - type: object - variables: - description: |- - Variables are the list of variables whose values will be retrieved and - combined. - items: - description: |- - A CombineVariable defines the source of a value that is combined with - others to form and patch an output value. Currently, this only supports - retrieving values from a field path. - properties: - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the source whose value is - to be used as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the resource whose value is - to be used as input. Required when type is FromCompositeFieldPath or - ToCompositeFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: |- - FromFieldPath specifies how to patch from a field path. The default is - 'Optional', which means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if the patch should fail if - the specified path does not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path. - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: |- - ToFieldPath is the path of the field on the resource whose value will - be changed with the result of transforms. Leave empty if you'd like to - propagate to the same path as fromFieldPath. - type: string - transforms: - description: |- - Transforms are the list of functions that are used as a FIFO pipe for the - input to be transformed. - items: - description: |- - Transform is a unit of process whose input is transformed into an output with - the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: |- - The expected input format. - - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string -> list` conversions. - - If this property is null, the default conversion is applied. - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: |- - The fallback value that should be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: |- - The patterns that should be tested against the input string. - Patterns are tested in order. The value of the first match is used as - result of this transform. - items: - description: |- - MatchTransformPattern is a transform that returns the value that matches a - pattern. - properties: - literal: - description: |- - Literal exactly matches the input string (case sensitive). - Is required if `type` is `literal`. - type: string - regexp: - description: |- - Regexp to match against the input string. - Is required if `type` is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: |- - Type specifies how the pattern matches the input. - - * `literal` - the pattern value has to exactly match (case sensitive) the - input string. This is the default. - - * `regexp` - the pattern treated as a regular expression against - which the input string is tested. Crossplane will throw an error if the - key is not a valid regexp. - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: |- - Math is used to transform the input via mathematical operations such as - multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: |- - String is used to transform the input into a string or a different kind - of string. Note that the input does not necessarily need to be a string. - properties: - convert: - description: |- - Optional conversion method to be specified. - `ToUpper` and `ToLower` change the letter case of the input string. - `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. - `ToJson` converts any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input - converted to JSON. - `ToAdler32` generate a addler32 hash based on the input string. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - - ToAdler32 - type: string - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - join: - description: Join defines parameters to join - a slice of values to a string. - properties: - separator: - description: |- - Separator defines the character that should separate the values from each - other in the joined string. - type: string - required: - - separator - type: object - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: |- - Match string. May optionally include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - - Join - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: |- - Type sets the patching behaviour to be used. Each patch type may require - its own fields to be set on the Patch object. - enum: - - FromCompositeFieldPath - - PatchSet - - ToCompositeFieldPath - - CombineFromComposite - - CombineToComposite - type: string - type: object - type: array - readinessChecks: - default: - - matchCondition: - status: "True" - type: Ready - type: MatchCondition - description: |- - ReadinessChecks allows users to define custom readiness checks. All checks - have to return true in order for resource to be considered ready. The - default readiness check is to have the "Ready" condition to be "True". - items: - description: |- - ReadinessCheck is used to indicate how to tell whether a resource is ready - for consumption. - properties: - fieldPath: - description: FieldPath shows the path of the field whose - value will be used. - type: string - matchCondition: - description: MatchCondition specifies the condition you'd - like to match if you're using "MatchCondition" type. - properties: - status: - default: "True" - description: Status is the status of the condition - you'd like to match. - type: string - type: - default: Ready - description: Type indicates the type of condition - you'd like to use. - type: string - required: - - status - - type - type: object - matchInteger: - description: MatchInt is the value you'd like to match - if you're using "MatchInt" type. - format: int64 - type: integer - matchString: - description: MatchString is the value you'd like to match - if you're using "MatchString" type. - type: string - type: - description: Type indicates the type of probe you'd like - to use. - enum: - - MatchString - - MatchInteger - - NonEmpty - - MatchCondition - - MatchTrue - - MatchFalse - - None - type: string - required: - - type - type: object - type: array - required: - - base - type: object - type: array - revision: - description: |- - Revision number. Newer revisions have larger numbers. - - This number can change. When a Composition transitions from state A - -> B -> A there will be only two CompositionRevisions. Crossplane will - edit the original CompositionRevision to change its revision number from - 0 to 2. - format: int64 - type: integer - writeConnectionSecretsToNamespace: - description: |- - WriteConnectionSecretsToNamespace specifies the namespace in which the - connection secrets of composite resource dynamically provisioned using - this composition will be created. - This field is planned to be replaced in a future release in favor of - PublishConnectionDetailsWithStoreConfigRef. Currently, both could be - set independently and connection details would be published to both - without affecting each other as long as related fields at MR level - specified. - type: string - required: - - compositeTypeRef - - revision - type: object - status: - description: |- - CompositionRevisionStatus shows the observed state of the composition - revision. - properties: - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: |- - LastTransitionTime is the last time this condition transitioned from one - status to another. - format: date-time - type: string - message: - description: |- - A Message containing details about this condition's last transition from - one status to another, if any. - type: string - observedGeneration: - description: |- - ObservedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: |- - Type of this condition. At most one of each condition type may apply to - a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: false - subresources: - status: {} diff --git a/content/master/api/crds/apiextensions.crossplane.io_compositions.yaml b/content/master/api/crds/apiextensions.crossplane.io_compositions.yaml index 9b97bd5d..842fefd7 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_compositions.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_compositions.yaml @@ -77,395 +77,16 @@ spec: - message: Value is immutable rule: self == oldSelf mode: - default: Resources + default: Pipeline description: |- Mode controls what type or "mode" of Composition will be used. "Pipeline" indicates that a Composition specifies a pipeline of Composition Functions, each of which is responsible for producing composed resources that Crossplane should create or update. - - "Resources" indicates that a Composition uses what is commonly referred - to as "Patch & Transform" or P&T composition. This mode of Composition - uses an array of resources, each a template for a composed resource. - - All Compositions should use Pipeline mode. Resources mode is deprecated. - Resources mode won't be removed in Crossplane 1.x, and will remain the - default to avoid breaking legacy Compositions. However, it's no longer - accepting new features, and only accepting security related bug fixes. enum: - - Resources - Pipeline type: string - patchSets: - description: |- - PatchSets define a named set of patches that may be included by any - resource in this Composition. PatchSets cannot themselves refer to other - PatchSets. - - PatchSets are only used by the "Resources" mode of Composition. They - are ignored by other modes. - - Deprecated: Use Composition Functions instead. - items: - description: |- - A PatchSet is a set of patches that can be reused from all resources within - a Composition. - properties: - name: - description: Name of this PatchSet. - type: string - patches: - description: Patches will be applied as an overlay to the base - resource. - items: - description: |- - Patch objects are applied between composite and composed resources. Their - behaviour depends on the Type selected. The default Type, - FromCompositeFieldPath, copies a value from the composite resource to - the composed resource, applying any defined transformers. - properties: - combine: - description: |- - Combine is the patch configuration for a CombineFromComposite or - CombineToComposite patch. - properties: - strategy: - description: |- - Strategy defines the strategy to use to combine the input variable values. - Currently only string is supported. - enum: - - string - type: string - string: - description: |- - String declares that input variables should be combined into a single - string, using the relevant settings for formatting purposes. - properties: - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - required: - - fmt - type: object - variables: - description: |- - Variables are the list of variables whose values will be retrieved and - combined. - items: - description: |- - A CombineVariable defines the source of a value that is combined with - others to form and patch an output value. Currently, this only supports - retrieving values from a field path. - properties: - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the source whose value is - to be used as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the resource whose value is - to be used as input. Required when type is FromCompositeFieldPath or - ToCompositeFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: |- - FromFieldPath specifies how to patch from a field path. The default is - 'Optional', which means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if the patch should fail if - the specified path does not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path. - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: |- - ToFieldPath is the path of the field on the resource whose value will - be changed with the result of transforms. Leave empty if you'd like to - propagate to the same path as fromFieldPath. - type: string - transforms: - description: |- - Transforms are the list of functions that are used as a FIFO pipe for the - input to be transformed. - items: - description: |- - Transform is a unit of process whose input is transformed into an output with - the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: |- - The expected input format. - - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string -> list` conversions. - - If this property is null, the default conversion is applied. - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: |- - The fallback value that should be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: |- - The patterns that should be tested against the input string. - Patterns are tested in order. The value of the first match is used as - result of this transform. - items: - description: |- - MatchTransformPattern is a transform that returns the value that matches a - pattern. - properties: - literal: - description: |- - Literal exactly matches the input string (case sensitive). - Is required if `type` is `literal`. - type: string - regexp: - description: |- - Regexp to match against the input string. - Is required if `type` is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: |- - Type specifies how the pattern matches the input. - - * `literal` - the pattern value has to exactly match (case sensitive) the - input string. This is the default. - - * `regexp` - the pattern treated as a regular expression against - which the input string is tested. Crossplane will throw an error if the - key is not a valid regexp. - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: |- - Math is used to transform the input via mathematical operations such as - multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: |- - String is used to transform the input into a string or a different kind - of string. Note that the input does not necessarily need to be a string. - properties: - convert: - description: |- - Optional conversion method to be specified. - `ToUpper` and `ToLower` change the letter case of the input string. - `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. - `ToJson` converts any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input - converted to JSON. - `ToAdler32` generate a addler32 hash based on the input string. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - - ToAdler32 - type: string - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - join: - description: Join defines parameters to join - a slice of values to a string. - properties: - separator: - description: |- - Separator defines the character that should separate the values from each - other in the joined string. - type: string - required: - - separator - type: object - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: |- - Match string. May optionally include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - - Join - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: |- - Type sets the patching behaviour to be used. Each patch type may require - its own fields to be set on the Patch object. - enum: - - FromCompositeFieldPath - - PatchSet - - ToCompositeFieldPath - - CombineFromComposite - - CombineToComposite - type: string - type: object - type: array - required: - - name - - patches - type: object - type: array pipeline: description: |- Pipeline is a list of composition function steps that will be used when a @@ -513,6 +134,9 @@ spec: - name - source type: object + x-kubernetes-validations: + - message: the Secret source requires a secretRef + rule: self.source == 'Secret' && has(self.secretRef) type: array x-kubernetes-list-map-keys: - name @@ -543,532 +167,24 @@ spec: - functionRef - step type: object + maxItems: 99 + minItems: 1 type: array x-kubernetes-list-map-keys: - step x-kubernetes-list-type: map - publishConnectionDetailsWithStoreConfigRef: - default: - name: default - description: |- - PublishConnectionDetailsWithStoreConfig specifies the secret store config - with which the connection details of composite resources dynamically - provisioned using this composition will be published. - - THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored - unless the relevant Crossplane feature flag is enabled, and may be - changed or removed without notice. - properties: - name: - description: Name of the referenced StoreConfig. - type: string - required: - - name - type: object - resources: - description: |- - Resources is a list of resource templates that will be used when a - composite resource referring to this composition is created. - - Resources are only used by the "Resources" mode of Composition. They are - ignored by other modes. - - Deprecated: Use Composition Functions instead. - items: - description: |- - ComposedTemplate is used to provide information about how the composed resource - should be processed. - properties: - base: - description: Base is the target resource that the patches will - be applied on. - type: object - x-kubernetes-embedded-resource: true - x-kubernetes-preserve-unknown-fields: true - connectionDetails: - description: |- - ConnectionDetails lists the propagation secret keys from this target - resource to the composition instance connection secret. - items: - description: |- - ConnectionDetail includes the information about the propagation of the connection - information from one secret to another. - properties: - fromConnectionSecretKey: - description: |- - FromConnectionSecretKey is the key that will be used to fetch the value - from the composed resource's connection secret. - type: string - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the composed resource whose - value to be used as input. Name must be specified if the type is - FromFieldPath. - type: string - name: - description: |- - Name of the connection secret key that will be propagated to the - connection secret of the composition instance. Leave empty if you'd like - to use the same key name. - type: string - type: - description: |- - Type sets the connection detail fetching behaviour to be used. Each - connection detail type may require its own fields to be set on the - ConnectionDetail object. If the type is omitted Crossplane will attempt - to infer it based on which other fields were specified. If multiple - fields are specified the order of precedence is: - 1. FromValue - 2. FromConnectionSecretKey - 3. FromFieldPath - enum: - - FromConnectionSecretKey - - FromFieldPath - - FromValue - type: string - value: - description: |- - Value that will be propagated to the connection secret of the composite - resource. May be set to inject a fixed, non-sensitive connection secret - value, for example a well-known port. - type: string - type: object - type: array - name: - description: |- - A Name uniquely identifies this entry within its Composition's resources - array. Names are optional but *strongly* recommended. When all entries in - the resources array are named entries may added, deleted, and reordered - as long as their names do not change. When entries are not named the - length and order of the resources array should be treated as immutable. - Either all or no entries must be named. - type: string - patches: - description: Patches will be applied as overlay to the base - resource. - items: - description: |- - Patch objects are applied between composite and composed resources. Their - behaviour depends on the Type selected. The default Type, - FromCompositeFieldPath, copies a value from the composite resource to - the composed resource, applying any defined transformers. - properties: - combine: - description: |- - Combine is the patch configuration for a CombineFromComposite or - CombineToComposite patch. - properties: - strategy: - description: |- - Strategy defines the strategy to use to combine the input variable values. - Currently only string is supported. - enum: - - string - type: string - string: - description: |- - String declares that input variables should be combined into a single - string, using the relevant settings for formatting purposes. - properties: - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - required: - - fmt - type: object - variables: - description: |- - Variables are the list of variables whose values will be retrieved and - combined. - items: - description: |- - A CombineVariable defines the source of a value that is combined with - others to form and patch an output value. Currently, this only supports - retrieving values from a field path. - properties: - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the source whose value is - to be used as input. - type: string - required: - - fromFieldPath - type: object - minItems: 1 - type: array - required: - - strategy - - variables - type: object - fromFieldPath: - description: |- - FromFieldPath is the path of the field on the resource whose value is - to be used as input. Required when type is FromCompositeFieldPath or - ToCompositeFieldPath. - type: string - patchSetName: - description: PatchSetName to include patches from. Required - when type is PatchSet. - type: string - policy: - description: Policy configures the specifics of patching - behaviour. - properties: - fromFieldPath: - description: |- - FromFieldPath specifies how to patch from a field path. The default is - 'Optional', which means the patch will be a no-op if the specified - fromFieldPath does not exist. Use 'Required' if the patch should fail if - the specified path does not exist. - enum: - - Optional - - Required - type: string - mergeOptions: - description: MergeOptions Specifies merge options - on a field path. - properties: - appendSlice: - description: Specifies that already existing elements - in a merged slice should be preserved - type: boolean - keepMapValues: - description: Specifies that already existing values - in a merged map should be preserved - type: boolean - type: object - type: object - toFieldPath: - description: |- - ToFieldPath is the path of the field on the resource whose value will - be changed with the result of transforms. Leave empty if you'd like to - propagate to the same path as fromFieldPath. - type: string - transforms: - description: |- - Transforms are the list of functions that are used as a FIFO pipe for the - input to be transformed. - items: - description: |- - Transform is a unit of process whose input is transformed into an output with - the supplied configuration. - properties: - convert: - description: Convert is used to cast the input into - the given output type. - properties: - format: - description: |- - The expected input format. - - * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). - Only used during `string -> float64` conversions. - * `json` - parses the input as a JSON string. - Only used during `string -> object` or `string -> list` conversions. - - If this property is null, the default conversion is applied. - enum: - - none - - quantity - - json - type: string - toType: - description: ToType is the type of the output - of this transform. - enum: - - string - - int - - int64 - - bool - - float64 - - object - - array - type: string - required: - - toType - type: object - map: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: Map uses the input as a key in the - given map and returns the value. - type: object - match: - description: Match is a more complex version of - Map that matches a list of patterns. - properties: - fallbackTo: - default: Value - description: Determines to what value the transform - should fallback if no pattern matches. - enum: - - Value - - Input - type: string - fallbackValue: - description: |- - The fallback value that should be returned by the transform if now pattern - matches. - x-kubernetes-preserve-unknown-fields: true - patterns: - description: |- - The patterns that should be tested against the input string. - Patterns are tested in order. The value of the first match is used as - result of this transform. - items: - description: |- - MatchTransformPattern is a transform that returns the value that matches a - pattern. - properties: - literal: - description: |- - Literal exactly matches the input string (case sensitive). - Is required if `type` is `literal`. - type: string - regexp: - description: |- - Regexp to match against the input string. - Is required if `type` is `regexp`. - type: string - result: - description: The value that is used as - result of the transform if the pattern - matches. - x-kubernetes-preserve-unknown-fields: true - type: - default: literal - description: |- - Type specifies how the pattern matches the input. - - * `literal` - the pattern value has to exactly match (case sensitive) the - input string. This is the default. - - * `regexp` - the pattern treated as a regular expression against - which the input string is tested. Crossplane will throw an error if the - key is not a valid regexp. - enum: - - literal - - regexp - type: string - required: - - result - - type - type: object - type: array - type: object - math: - description: |- - Math is used to transform the input via mathematical operations such as - multiplication. - properties: - clampMax: - description: ClampMax makes sure that the value - is not bigger than the given value. - format: int64 - type: integer - clampMin: - description: ClampMin makes sure that the value - is not smaller than the given value. - format: int64 - type: integer - multiply: - description: Multiply the value. - format: int64 - type: integer - type: - default: Multiply - description: Type of the math transform to be - run. - enum: - - Multiply - - ClampMin - - ClampMax - type: string - type: object - string: - description: |- - String is used to transform the input into a string or a different kind - of string. Note that the input does not necessarily need to be a string. - properties: - convert: - description: |- - Optional conversion method to be specified. - `ToUpper` and `ToLower` change the letter case of the input string. - `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. - `ToJson` converts any input value into its raw JSON representation. - `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input - converted to JSON. - `ToAdler32` generate a addler32 hash based on the input string. - enum: - - ToUpper - - ToLower - - ToBase64 - - FromBase64 - - ToJson - - ToSha1 - - ToSha256 - - ToSha512 - - ToAdler32 - type: string - fmt: - description: |- - Format the input using a Go format string. See - https://golang.org/pkg/fmt/ for details. - type: string - join: - description: Join defines parameters to join - a slice of values to a string. - properties: - separator: - description: |- - Separator defines the character that should separate the values from each - other in the joined string. - type: string - required: - - separator - type: object - regexp: - description: Extract a match from the input - using a regular expression. - properties: - group: - description: Group number to match. 0 (the - default) matches the entire expression. - type: integer - match: - description: |- - Match string. May optionally include submatches, aka capture groups. - See https://pkg.go.dev/regexp/ for details. - type: string - required: - - match - type: object - trim: - description: Trim the prefix or suffix from - the input - type: string - type: - default: Format - description: Type of the string transform to - be run. - enum: - - Format - - Convert - - TrimPrefix - - TrimSuffix - - Regexp - - Join - type: string - type: object - type: - description: Type of the transform to be run. - enum: - - map - - match - - math - - string - - convert - type: string - required: - - type - type: object - type: array - type: - default: FromCompositeFieldPath - description: |- - Type sets the patching behaviour to be used. Each patch type may require - its own fields to be set on the Patch object. - enum: - - FromCompositeFieldPath - - PatchSet - - ToCompositeFieldPath - - CombineFromComposite - - CombineToComposite - type: string - type: object - type: array - readinessChecks: - default: - - matchCondition: - status: "True" - type: Ready - type: MatchCondition - description: |- - ReadinessChecks allows users to define custom readiness checks. All checks - have to return true in order for resource to be considered ready. The - default readiness check is to have the "Ready" condition to be "True". - items: - description: |- - ReadinessCheck is used to indicate how to tell whether a resource is ready - for consumption. - properties: - fieldPath: - description: FieldPath shows the path of the field whose - value will be used. - type: string - matchCondition: - description: MatchCondition specifies the condition you'd - like to match if you're using "MatchCondition" type. - properties: - status: - default: "True" - description: Status is the status of the condition - you'd like to match. - type: string - type: - default: Ready - description: Type indicates the type of condition - you'd like to use. - type: string - required: - - status - - type - type: object - matchInteger: - description: MatchInt is the value you'd like to match - if you're using "MatchInt" type. - format: int64 - type: integer - matchString: - description: MatchString is the value you'd like to match - if you're using "MatchString" type. - type: string - type: - description: Type indicates the type of probe you'd like - to use. - enum: - - MatchString - - MatchInteger - - NonEmpty - - MatchCondition - - MatchTrue - - MatchFalse - - None - type: string - required: - - type - type: object - type: array - required: - - base - type: object - type: array writeConnectionSecretsToNamespace: description: |- WriteConnectionSecretsToNamespace specifies the namespace in which the connection secrets of composite resource dynamically provisioned using this composition will be created. - This field is planned to be replaced in a future release in favor of - PublishConnectionDetailsWithStoreConfigRef. Currently, both could be - set independently and connection details would be published to both - without affecting each other as long as related fields at MR level - specified. type: string required: - compositeTypeRef type: object + x-kubernetes-validations: + - message: an array of pipeline steps is required in Pipeline mode + rule: self.mode == 'Pipeline' && has(self.pipeline) type: object served: true storage: true diff --git a/content/master/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml b/content/master/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml index 065e14ec..0919a001 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_environmentconfigs.yaml @@ -58,7 +58,7 @@ spec: type: object type: object served: true - storage: false + storage: true subresources: {} - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp @@ -100,5 +100,5 @@ spec: type: object type: object served: true - storage: true + storage: false subresources: {} diff --git a/content/master/api/crds/apiextensions.crossplane.io_usages.yaml b/content/master/api/crds/apiextensions.crossplane.io_usages.yaml index a7624da7..d67c5f9a 100644 --- a/content/master/api/crds/apiextensions.crossplane.io_usages.yaml +++ b/content/master/api/crds/apiextensions.crossplane.io_usages.yaml @@ -26,6 +26,9 @@ spec: - jsonPath: .metadata.creationTimestamp name: AGE type: date + deprecated: true + deprecationWarning: apiextensions.crossplane.io Usage is deprecated; migrate to + protection.crossplane.io Usage or ClusterUsage name: v1alpha1 schema: openAPIV3Schema: @@ -36,7 +39,9 @@ spec: resources with dependent resources. Read the Crossplane documentation for - [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages). + [more information about Usages](https://docs.crossplane.io/latest/concepts/usages). + + Deprecated: Use protection.crossplane.io Usage or ClusterUsage. properties: apiVersion: description: |- @@ -223,6 +228,9 @@ spec: - jsonPath: .metadata.creationTimestamp name: AGE type: date + deprecated: true + deprecationWarning: apiextensions.crossplane.io Usage is deprecated; migrate to + protection.crossplane.io Usage or ClusterUsage name: v1beta1 schema: openAPIV3Schema: @@ -233,7 +241,9 @@ spec: resources with dependent resources. Read the Crossplane documentation for - [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages). + [more information about Usages](https://docs.crossplane.io/latest/concepts/usages). + + Deprecated: Use protection.crossplane.io Usage or ClusterUsage. properties: apiVersion: description: |- diff --git a/content/master/api/crds/pkg.crossplane.io_configurationrevisions.yaml b/content/master/api/crds/pkg.crossplane.io_configurationrevisions.yaml index 5fc418dd..15888697 100644 --- a/content/master/api/crds/pkg.crossplane.io_configurationrevisions.yaml +++ b/content/master/api/crds/pkg.crossplane.io_configurationrevisions.yaml @@ -146,27 +146,6 @@ spec: description: PackageRevisionStatus represents the observed state of a PackageRevision. properties: - appliedImageConfigRefs: - description: |- - AppliedImageConfigRefs records any image configs that were applied in - reconciling this revision, and what they were used for. - items: - description: |- - ImageConfigRef is a reference to an image config that indicates how the - referenced image config was used by the package manager. - properties: - name: - description: Name is the name of the image config. - type: string - reason: - description: Reason indicates what the image config was used - for. - type: string - required: - - name - - reason - type: object - type: array conditions: description: Conditions of the resource. items: @@ -302,12 +281,6 @@ spec: - verbs type: object type: array - resolvedImage: - description: |- - ResolvedPackage is the name of the package that was installed. It may be - different from spec.image if the package path was rewritten using an - image config. - type: string type: object type: object served: true diff --git a/content/master/api/crds/pkg.crossplane.io_configurations.yaml b/content/master/api/crds/pkg.crossplane.io_configurations.yaml index 05f33741..6ec9cdc6 100644 --- a/content/master/api/crds/pkg.crossplane.io_configurations.yaml +++ b/content/master/api/crds/pkg.crossplane.io_configurations.yaml @@ -138,27 +138,6 @@ spec: status: description: ConfigurationStatus represents the observed state of a Configuration. properties: - appliedImageConfigRefs: - description: |- - AppliedImageConfigRefs records any image configs that were applied in - reconciling this package, and what they were used for. - items: - description: |- - ImageConfigRef is a reference to an image config that indicates how the - referenced image config was used by the package manager. - properties: - name: - description: Name is the name of the image config. - type: string - reason: - description: Reason indicates what the image config was used - for. - type: string - required: - - name - - reason - type: object - type: array conditions: description: Conditions of the resource. items: @@ -220,12 +199,6 @@ spec: reflect the most up to date revision, whether it has been activated or not. type: string - resolvedPackage: - description: |- - ResolvedPackage is the name of the package that was used for version - resolution. It may be different from spec.package if the package path was - rewritten using an image config. - type: string type: object type: object served: true diff --git a/content/master/api/crds/pkg.crossplane.io_controllerconfigs.yaml b/content/master/api/crds/pkg.crossplane.io_controllerconfigs.yaml deleted file mode 100644 index 03bc569b..00000000 --- a/content/master/api/crds/pkg.crossplane.io_controllerconfigs.yaml +++ /dev/null @@ -1,3675 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - name: controllerconfigs.pkg.crossplane.io -spec: - group: pkg.crossplane.io - names: - kind: ControllerConfig - listKind: ControllerConfigList - plural: controllerconfigs - singular: controllerconfig - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - deprecated: true - deprecationWarning: ControllerConfig.pkg.crossplane.io/v1alpha1 is deprecated. - Use DeploymentRuntimeConfig from pkg.crossplane.io/v1beta1 instead. - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - A ControllerConfig applies settings to controllers like Provider pods. - Deprecated: Use the - [DeploymentRuntimeConfig](https://docs.crossplane.io/latest/concepts/providers#runtime-configuration) - instead. - - Read the - [Package Runtime Configuration](https://github.com/crossplane/crossplane/blob/11bbe13ea3604928cc4e24e8d0d18f3f5f7e847c/design/one-pager-package-runtime-config.md) - design document for more details. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - ControllerConfigSpec specifies the configuration for a packaged controller. - Values provided will override package manager defaults. Labels and - annotations are passed to both the controller Deployment and ServiceAccount. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - args: - description: |- - Arguments to the entrypoint. - The docker image's CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. - Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - items: - type: string - type: array - env: - description: |- - List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present in - a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot - be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: |- - List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will take precedence. - Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: |- - Docker image name. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to default or override - container images in workload controllers like Deployments and StatefulSets. - type: string - imagePullPolicy: - description: |- - Image pull policy. - One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - type: string - imagePullSecrets: - description: |- - ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. - If specified, these secrets will be passed to individual puller implementations for them to use. For example, - in the case of docker, only DockerConfig type secrets are honored. - More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod - Setting ImagePullSecrets will replace any secrets that have been - propagated to a controller Deployment, typically via packagePullSecrets. - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - metadata: - description: Metadata that will be added to the provider Pod. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and - categorize (scope and select) objects. This will only affect - labels on the pod, not the pod selector. Labels will be merged - with internal labels used by crossplane, and labels with a - crossplane.io key might be overwritten. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - type: object - type: object - nodeName: - description: |- - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - the scheduler simply schedules this pod onto that node, assuming that it fits resource - requirements. - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - podSecurityContext: - description: |- - PodSecurityContext holds pod-level security attributes and common container settings. - Optional: Defaults to empty. See type description for default values of each field. - properties: - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. - The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. - type: string - required: - - type - type: object - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - fsGroupChangePolicy: - description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. - type: string - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in - addition to the container's primary GID and fsGroup (if specified). If - the SupplementalGroupsPolicy feature is enabled, the - supplementalGroupsPolicy field determines whether these are in addition - to or instead of any group memberships defined in the container image. - If unspecified, no additional groups are added, though group memberships - defined in the container image may still be used, depending on the - supplementalGroupsPolicy field. - Note that this field cannot be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - description: |- - Defines how supplemental groups of the first container processes are calculated. - Valid values are "Merge" and "Strict". If not specified, "Merge" is used. - (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled - and the container runtime must implement support for this feature. - Note that this field cannot be set when spec.os.name is windows. - type: string - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - ports: - description: List of container ports to expose on the container - items: - description: ContainerPort represents a network port in a single - container. - properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - protocol: - default: TCP - description: |- - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - priorityClassName: - description: |- - If specified, indicates the pod's priority. "system-node-critical" and - "system-cluster-critical" are two special keywords which indicate the - highest priorities with the former being the highest priority. Any other - name must be defined by creating a PriorityClass object with that name. - If not specified, the pod priority will be default or zero if there is no - default. - type: string - replicas: - description: |- - Number of desired pods. This is a pointer to distinguish between explicit - zero and not specified. Defaults to 1. - Note: If more than 1 replica is set and leader election is not enabled then - controllers could conflict. Environment variable "LEADER_ELECTION" can be - used to enable leader election process. - format: int32 - type: integer - resources: - description: |- - Compute Resources required by this container. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - runtimeClassName: - description: |- - RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used - to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. - If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an - empty definition that uses the default runtime handler. - More info: https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/585-runtime-class/README.md - This is a beta feature as of Kubernetes v1.14. - type: string - securityContext: - description: |- - SecurityContext holds container-level security attributes and common container settings. - Optional: Defaults to empty. See type description for default values of each field. - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by this container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. - The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. - type: string - required: - - type - type: object - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default value is Default which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccountName: - description: |- - ServiceAccountName is the name of the ServiceAccount to use to run this pod. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - If specified, a ServiceAccount named this ServiceAccountName will be used for - the spec.serviceAccountName field in Pods to be created and for the subjects.name field - in a ClusterRoleBinding to be created. - If there is no ServiceAccount named this ServiceAccountName, a new ServiceAccount - will be created. - If there is a pre-existing ServiceAccount named this ServiceAccountName, the ServiceAccount - will be used. The annotations in the ControllerConfig will be copied to the ServiceAccount - and pre-existing annotations will be kept. - Regardless of whether there is a ServiceAccount created by Crossplane or is in place already, - the ServiceAccount will be deleted once the Provider and ControllerConfig are deleted. - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - volumeMounts: - description: |- - List of VolumeMounts to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified - (which defaults to None). - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - recursiveReadOnly: - description: |- - RecursiveReadOnly specifies whether read-only mounts should be handled - recursively. - - If ReadOnly is false, this field has no meaning and must be unspecified. - - If ReadOnly is true, and this field is set to Disabled, the mount is not made - recursively read-only. If this field is set to IfPossible, the mount is made - recursively read-only, if it is supported by the container runtime. If this - field is set to Enabled, the mount is made recursively read-only if it is - supported by the container runtime, otherwise the pod will not be started and - an error will be generated to indicate the reason. - - If this field is set to IfPossible or Enabled, MountPropagation must be set to - None (or be unspecified, which defaults to None). - - If this field is not specified, it is treated as an equivalent of Disabled. - type: string - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: |- - List of volumes that can be mounted by containers belonging to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes - items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: |- - awsElasticBlockStore represents an AWS Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - format: int32 - type: integer - readOnly: - description: |- - readOnly value true will force the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: boolean - volumeID: - description: |- - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data disk in the - blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in the blob - storage - type: string - fsType: - default: ext4 - description: |- - fsType is Filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' - type: string - readOnly: - default: false - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. - properties: - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime - properties: - monitors: - description: |- - monitors is Required: Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - items: - type: string - type: array - x-kubernetes-list-type: atomic - path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' - type: string - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: boolean - secretFile: - description: |- - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - secretRef: - description: |- - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: |- - user is optional: User is the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - required: - - monitors - type: object - cinder: - description: |- - cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: boolean - secretRef: - description: |- - secretRef is optional: points to a secret object containing parameters used to connect - to OpenStack. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: |- - volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should populate - this volume - properties: - defaultMode: - description: |- - defaultMode is optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional specify whether the ConfigMap or its - keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). - properties: - driver: - description: |- - driver is the name of the CSI driver that handles this volume. - Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: |- - fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated CSI driver - which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: |- - nodePublishSecretRef is a reference to the secret object containing - sensitive information to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if no secret is required. If the - secret object contains more than one secret, all secret references are passed. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: |- - readOnly specifies a read-only configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: |- - volumeAttributes stores driver-specific properties that are passed to the CSI - driver. Consult your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume - properties: - defaultMode: - description: |- - Optional: mode bits to use on created files by default. Must be a - Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name, namespace and uid - are supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - x-kubernetes-list-type: atomic - type: object - emptyDir: - description: |- - emptyDir represents a temporary directory that shares a pod's lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - properties: - medium: - description: |- - medium represents what type of storage medium should back this directory. - The default is "" which means to use the node's default medium. - Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: |- - sizeLimit is the total amount of local storage required for this EmptyDir volume. - The size limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir would be the minimum value between - the SizeLimit specified here and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: |- - ephemeral represents a volume that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - and deleted when the pod is removed. - - Use this if: - a) the volume is only needed while the pod runs, - b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, - c) the storage driver is specified through a storage class, and - d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the lifecycle - of an individual pod. - - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - be used that way - see the documentation of the driver for - more information. - - A pod can use both types of ephemeral volumes and - persistent volumes at the same time. - properties: - volumeClaimTemplate: - description: |- - Will be used to create a stand-alone PVC to provision the volume. - The pod in which this EphemeralVolumeSource is embedded will be the - owner of the PVC, i.e. the PVC will be deleted together with the - pod. The name of the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` array - entry. Pod validation will reject the pod if the concatenated name - is not valid for a PVC (for example, too long). - - An existing PVC with that name that is not owned by the pod - will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has to updated with an - owner reference to the pod once the pod exists. Normally - this should not be necessary, but it may be useful when - manually reconstructing a broken cluster. - - This field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. - - Required, must not be nil. - properties: - metadata: - description: |- - May contain labels and annotations that will be copied into the PVC - when creating it. No other fields are allowed and will be rejected during - validation. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - The specification for the PersistentVolumeClaim. The entire content is - copied unchanged into the PVC that gets created from this - template. The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. - If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. - If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' - items: - type: string - type: array - x-kubernetes-list-type: atomic - wwids: - description: |- - wwids Optional: FC volume world wide identifiers (wwids) - Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - flexVolume: - description: |- - flexVolume represents a generic volume resource that is - provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to use for - this volume. - type: string - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds extra - command options if any.' - type: object - readOnly: - description: |- - readOnly is Optional: defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef is Optional: secretRef is reference to the secret object containing - sensitive information to pass to the plugin scripts. This may be - empty if no secret object is specified. If the secret object - contains more than one secret, all secrets are passed to the plugin - scripts. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running - properties: - datasetName: - description: |- - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - should be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: |- - gcePersistentDisk represents a GCE Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - properties: - fsType: - description: |- - fsType is filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - format: int32 - type: integer - pdName: - description: |- - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: boolean - required: - - pdName - type: object - gitRepo: - description: |- - gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - into the Pod's container. - properties: - directory: - description: |- - directory is the target directory name. - Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - git repository. Otherwise, if specified, the volume will contain the git repository in - the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for the specified - revision. - type: string - required: - - repository - type: object - glusterfs: - description: |- - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md - properties: - endpoints: - description: |- - endpoints is the endpoint name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - path: - description: |- - path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - readOnly: - description: |- - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: |- - hostPath represents a pre-existing file or directory on the host - machine that is directly exposed to the container. This is generally - used for system agents or other privileged things that are allowed - to see the host machine. Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - properties: - path: - description: |- - path of the directory on the host. - If the path is a symlink, it will follow the link to the real path. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - type: - description: |- - type for HostPath Volume - Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - required: - - path - type: object - image: - description: |- - image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. - The volume is resolved at pod startup depending on which PullPolicy value is provided: - - - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. - - The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. - A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. - The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. - The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. - The volume will be mounted read-only (ro) and non-executable files (noexec). - Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). - The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. - properties: - pullPolicy: - description: |- - Policy for pulling OCI objects. Possible values are: - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - type: string - reference: - description: |- - Required: Image or artifact reference to be used. - Behaves in the same way as pod.spec.containers[*].image. - Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to default or override - container images in workload controllers like Deployments and StatefulSets. - type: string - type: object - iscsi: - description: |- - iscsi represents an ISCSI Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - type: string - initiatorName: - description: |- - initiatorName is the custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: - default: default - description: |- - iscsiInterface is the interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: |- - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - x-kubernetes-list-type: atomic - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: |- - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: |- - name of the volume. - Must be a DNS_LABEL and unique within the pod. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - nfs: - description: |- - nfs represents an NFS mount on the host that shares a pod's lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - properties: - path: - description: |- - path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - readOnly: - description: |- - readOnly here will force the NFS export to be mounted with read-only permissions. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: boolean - server: - description: |- - server is the hostname or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: |- - persistentVolumeClaimVolumeSource represents a reference to a - PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: |- - fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources secrets, - configmaps, and downward API - properties: - defaultMode: - description: |- - defaultMode are the mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: |- - sources is the list of volume projections. Each entry in this list - handles one source. - items: - description: |- - Projection that may be projected along with other supported volume types. - Exactly one of these fields must be set. - properties: - clusterTrustBundle: - description: |- - ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field - of ClusterTrustBundle objects in an auto-updating file. - - Alpha, gated by the ClusterTrustBundleProjection feature gate. - - ClusterTrustBundle objects can either be selected by name, or by the - combination of signer name and a label selector. - - Kubelet performs aggressive normalization of the PEM contents written - into the pod filesystem. Esoteric PEM features such as inter-block - comments and block headers are stripped. Certificates are deduplicated. - The ordering of certificates within the file is arbitrary, and Kubelet - may change the order over time. - properties: - labelSelector: - description: |- - Select all ClusterTrustBundles that match this label selector. Only has - effect if signerName is set. Mutually-exclusive with name. If unset, - interpreted as "match nothing". If set but empty, interpreted as "match - everything". - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: |- - Select a single ClusterTrustBundle by object name. Mutually-exclusive - with signerName and labelSelector. - type: string - optional: - description: |- - If true, don't block pod startup if the referenced ClusterTrustBundle(s) - aren't available. If using name, then the named ClusterTrustBundle is - allowed not to exist. If using signerName, then the combination of - signerName and labelSelector is allowed to match zero - ClusterTrustBundles. - type: boolean - path: - description: Relative path from the volume root - to write the bundle. - type: string - signerName: - description: |- - Select all ClusterTrustBundles that match this signer name. - Mutually-exclusive with name. The contents of all selected - ClusterTrustBundles will be unified and deduplicated. - type: string - required: - - path - type: object - configMap: - description: configMap information about the configMap - data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI - data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name, namespace and uid are supported.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - x-kubernetes-list-type: atomic - type: object - secret: - description: secret information about the secret data - to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: optional field specify whether the - Secret or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project - properties: - audience: - description: |- - audience is the intended audience of the token. A recipient of a token - must identify itself with an identifier specified in the audience of the - token, and otherwise should reject the token. The audience defaults to the - identifier of the apiserver. - type: string - expirationSeconds: - description: |- - expirationSeconds is the requested duration of validity of the service - account token. As the token approaches expiration, the kubelet volume - plugin will proactively rotate the service account token. The kubelet will - start trying to rotate the token if the token is older than 80 percent of - its time to live or if the token is older than 24 hours.Defaults to 1 hour - and must be at least 10 minutes. - format: int64 - type: integer - path: - description: |- - path is the path relative to the mount point of the file to project the - token into. - type: string - required: - - path - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: |- - group to map volume access to - Default is no group - type: string - readOnly: - description: |- - readOnly here will force the Quobyte volume to be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: |- - registry represents a single or multiple Quobyte Registry services - specified as a string as host:port pair (multiple entries are separated with commas) - which acts as the central registry for volumes - type: string - tenant: - description: |- - tenant owning the given Quobyte volume in the Backend - Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: |- - user to map volume access to - Defaults to serivceaccount user - type: string - volume: - description: volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: |- - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - type: string - image: - description: |- - image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - keyring: - default: /etc/ceph/keyring - description: |- - keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - monitors: - description: |- - monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - items: - type: string - type: array - x-kubernetes-list-type: atomic - pool: - default: rbd - description: |- - pool is the rados pool name. - Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: boolean - secretRef: - description: |- - secretRef is name of the authentication secret for RBDUser. If provided - overrides keyring. - Default is nil. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - user: - default: admin - description: |- - user is the rados user name. - Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - default: xfs - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: gateway is the host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. - type: string - readOnly: - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef references to the secret for ScaleIO user and other - sensitive information. If this is not provided, Login operation will fail. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - default: ThinProvisioned - description: |- - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. - type: string - system: - description: system is the name of the storage system as - configured in ScaleIO. - type: string - volumeName: - description: |- - volumeName is the name of a volume already created in the ScaleIO system - that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: |- - secret represents a secret that should populate this volume. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - properties: - defaultMode: - description: |- - defaultMode is Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items If unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-type: atomic - optional: - description: optional field specify whether the Secret or - its keys must be defined - type: boolean - secretName: - description: |- - secretName is the name of the secret in the pod's namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef specifies the secret to use for obtaining the StorageOS API - credentials. If not specified, default values will be attempted. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: |- - volumeName is the human-readable name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: |- - volumeNamespace specifies the scope of the volume within StorageOS. If no - namespace is specified then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - Set VolumeName to any name to override the default behaviour. - Set to "default" if you are not using namespaces within StorageOS. - Namespaces that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: |- - fsType is filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: {} diff --git a/content/master/api/crds/pkg.crossplane.io_functionrevisions.yaml b/content/master/api/crds/pkg.crossplane.io_functionrevisions.yaml index e0fc5a26..d731e839 100644 --- a/content/master/api/crds/pkg.crossplane.io_functionrevisions.yaml +++ b/content/master/api/crds/pkg.crossplane.io_functionrevisions.yaml @@ -189,27 +189,6 @@ spec: description: FunctionRevisionStatus represents the observed state of a FunctionRevision. properties: - appliedImageConfigRefs: - description: |- - AppliedImageConfigRefs records any image configs that were applied in - reconciling this revision, and what they were used for. - items: - description: |- - ImageConfigRef is a reference to an image config that indicates how the - referenced image config was used by the package manager. - properties: - name: - description: Name is the name of the image config. - type: string - reason: - description: Reason indicates what the image config was used - for. - type: string - required: - - name - - reason - type: object - type: array conditions: description: Conditions of the resource. items: @@ -350,12 +329,6 @@ spec: - verbs type: object type: array - resolvedImage: - description: |- - ResolvedPackage is the name of the package that was installed. It may be - different from spec.image if the package path was rewritten using an - image config. - type: string type: object type: object served: true @@ -534,27 +507,6 @@ spec: description: FunctionRevisionStatus represents the observed state of a FunctionRevision. properties: - appliedImageConfigRefs: - description: |- - AppliedImageConfigRefs records any image configs that were applied in - reconciling this revision, and what they were used for. - items: - description: |- - ImageConfigRef is a reference to an image config that indicates how the - referenced image config was used by the package manager. - properties: - name: - description: Name is the name of the image config. - type: string - reason: - description: Reason indicates what the image config was used - for. - type: string - required: - - name - - reason - type: object - type: array conditions: description: Conditions of the resource. items: @@ -695,12 +647,6 @@ spec: - verbs type: object type: array - resolvedImage: - description: |- - ResolvedPackage is the name of the package that was installed. It may be - different from spec.image if the package path was rewritten using an - image config. - type: string type: object type: object served: true diff --git a/content/master/api/crds/pkg.crossplane.io_functions.yaml b/content/master/api/crds/pkg.crossplane.io_functions.yaml index 67b74eed..82623ab3 100644 --- a/content/master/api/crds/pkg.crossplane.io_functions.yaml +++ b/content/master/api/crds/pkg.crossplane.io_functions.yaml @@ -168,27 +168,6 @@ spec: status: description: FunctionStatus represents the observed state of a Function. properties: - appliedImageConfigRefs: - description: |- - AppliedImageConfigRefs records any image configs that were applied in - reconciling this package, and what they were used for. - items: - description: |- - ImageConfigRef is a reference to an image config that indicates how the - referenced image config was used by the package manager. - properties: - name: - description: Name is the name of the image config. - type: string - reason: - description: Reason indicates what the image config was used - for. - type: string - required: - - name - - reason - type: object - type: array conditions: description: Conditions of the resource. items: @@ -250,12 +229,6 @@ spec: reflect the most up to date revision, whether it has been activated or not. type: string - resolvedPackage: - description: |- - ResolvedPackage is the name of the package that was used for version - resolution. It may be different from spec.package if the package path was - rewritten using an image config. - type: string type: object type: object served: true @@ -413,27 +386,6 @@ spec: status: description: FunctionStatus represents the observed state of a Function. properties: - appliedImageConfigRefs: - description: |- - AppliedImageConfigRefs records any image configs that were applied in - reconciling this package, and what they were used for. - items: - description: |- - ImageConfigRef is a reference to an image config that indicates how the - referenced image config was used by the package manager. - properties: - name: - description: Name is the name of the image config. - type: string - reason: - description: Reason indicates what the image config was used - for. - type: string - required: - - name - - reason - type: object - type: array conditions: description: Conditions of the resource. items: @@ -495,12 +447,6 @@ spec: reflect the most up to date revision, whether it has been activated or not. type: string - resolvedPackage: - description: |- - ResolvedPackage is the name of the package that was used for version - resolution. It may be different from spec.package if the package path was - rewritten using an image config. - type: string type: object type: object served: true diff --git a/content/master/api/crds/pkg.crossplane.io_imageconfigs.yaml b/content/master/api/crds/pkg.crossplane.io_imageconfigs.yaml index 25367790..ae12439f 100644 --- a/content/master/api/crds/pkg.crossplane.io_imageconfigs.yaml +++ b/content/master/api/crds/pkg.crossplane.io_imageconfigs.yaml @@ -47,19 +47,13 @@ spec: description: ImageConfigSpec contains the configuration for matching images. properties: matchImages: - description: |- - MatchImages is a list of image matching rules. This ImageConfig will - match an image if any one of these rules is satisfied. In the case where - multiple ImageConfigs match an image for a given purpose the one with the - most specific match will be used. If multiple rules of equal specificity - match an arbitrary one will be selected. + description: MatchImages is a list of image matching rules that should + be satisfied. items: description: ImageMatch defines a rule for matching image. properties: prefix: - description: |- - Prefix is the prefix that should be matched. When multiple prefix rules - match an image path, the longest one takes precedence. + description: Prefix is the prefix that should be matched. type: string type: default: Prefix @@ -101,19 +95,6 @@ spec: - pullSecretRef type: object type: object - rewriteImage: - description: RewriteImage defines how a matched image's path should - be rewritten. - properties: - prefix: - description: |- - Prefix is the prefix that will replace the portion of the image's path - matched by the prefix in the ImageMatch. If multiple prefixes matched, - the longest one will be replaced. - type: string - required: - - prefix - type: object verification: description: Verification contains the configuration for verifying the image. diff --git a/content/master/api/crds/pkg.crossplane.io_providerrevisions.yaml b/content/master/api/crds/pkg.crossplane.io_providerrevisions.yaml index 27e60e74..3b60db38 100644 --- a/content/master/api/crds/pkg.crossplane.io_providerrevisions.yaml +++ b/content/master/api/crds/pkg.crossplane.io_providerrevisions.yaml @@ -189,27 +189,6 @@ spec: description: PackageRevisionStatus represents the observed state of a PackageRevision. properties: - appliedImageConfigRefs: - description: |- - AppliedImageConfigRefs records any image configs that were applied in - reconciling this revision, and what they were used for. - items: - description: |- - ImageConfigRef is a reference to an image config that indicates how the - referenced image config was used by the package manager. - properties: - name: - description: Name is the name of the image config. - type: string - reason: - description: Reason indicates what the image config was used - for. - type: string - required: - - name - - reason - type: object - type: array conditions: description: Conditions of the resource. items: @@ -345,12 +324,6 @@ spec: - verbs type: object type: array - resolvedImage: - description: |- - ResolvedPackage is the name of the package that was installed. It may be - different from spec.image if the package path was rewritten using an - image config. - type: string type: object type: object served: true diff --git a/content/master/api/crds/pkg.crossplane.io_providers.yaml b/content/master/api/crds/pkg.crossplane.io_providers.yaml index 69abaefd..40158079 100644 --- a/content/master/api/crds/pkg.crossplane.io_providers.yaml +++ b/content/master/api/crds/pkg.crossplane.io_providers.yaml @@ -170,27 +170,6 @@ spec: status: description: ProviderStatus represents the observed state of a Provider. properties: - appliedImageConfigRefs: - description: |- - AppliedImageConfigRefs records any image configs that were applied in - reconciling this package, and what they were used for. - items: - description: |- - ImageConfigRef is a reference to an image config that indicates how the - referenced image config was used by the package manager. - properties: - name: - description: Name is the name of the image config. - type: string - reason: - description: Reason indicates what the image config was used - for. - type: string - required: - - name - - reason - type: object - type: array conditions: description: Conditions of the resource. items: @@ -252,12 +231,6 @@ spec: reflect the most up to date revision, whether it has been activated or not. type: string - resolvedPackage: - description: |- - ResolvedPackage is the name of the package that was used for version - resolution. It may be different from spec.package if the package path was - rewritten using an image config. - type: string type: object type: object served: true diff --git a/content/master/api/crds/protection.crossplane.io_clusterusages.yaml b/content/master/api/crds/protection.crossplane.io_clusterusages.yaml new file mode 100644 index 00000000..c6fe5a30 --- /dev/null +++ b/content/master/api/crds/protection.crossplane.io_clusterusages.yaml @@ -0,0 +1,216 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: clusterusages.protection.crossplane.io +spec: + group: protection.crossplane.io + names: + categories: + - crossplane + kind: ClusterUsage + listKind: ClusterUsageList + plural: clusterusages + singular: clusterusage + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.annotations.crossplane\.io/usage-details + name: DETAILS + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + A ClusterUsage defines a deletion blocking relationship between two + resources. + + Usages prevent accidental deletion of a single resource or deletion of + resources with dependent resources. + + Read the Crossplane documentation for + [more information about usages](https://docs.crossplane.io/latest/concepts/usages). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterUsageSpec defines the desired state of a ClusterUsage. + properties: + by: + description: By is the resource that is "using the other resource". + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + resourceRef: + description: Reference to the resource. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + resourceSelector: + description: |- + Selector to the resource. + This field will be ignored if ResourceRef is set. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + type: object + type: object + x-kubernetes-validations: + - message: either a resource reference or a resource selector should + be set. + rule: has(self.resourceRef) || has(self.resourceSelector) + of: + description: Of is the resource that is "being used". + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + resourceRef: + description: Reference to the resource. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + resourceSelector: + description: |- + Selector to the resource. + This field will be ignored if ResourceRef is set. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + type: object + type: object + x-kubernetes-validations: + - message: either a resource reference or a resource selector should + be set. + rule: has(self.resourceRef) || has(self.resourceSelector) + reason: + description: Reason is the reason for blocking deletion of the resource. + type: string + replayDeletion: + description: ReplayDeletion will trigger a deletion on the used resource + during the deletion of the usage itself, if it was attempted to + be deleted at least once. + type: boolean + required: + - of + type: object + x-kubernetes-validations: + - message: either "spec.by" or "spec.reason" must be specified. + rule: has(self.by) || has(self.reason) + status: + description: UsageStatus defines the observed state of Usage. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/content/master/api/crds/protection.crossplane.io_usages.yaml b/content/master/api/crds/protection.crossplane.io_usages.yaml new file mode 100644 index 00000000..62595973 --- /dev/null +++ b/content/master/api/crds/protection.crossplane.io_usages.yaml @@ -0,0 +1,223 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: usages.protection.crossplane.io +spec: + group: protection.crossplane.io + names: + categories: + - crossplane + kind: Usage + listKind: UsageList + plural: usages + singular: usage + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.annotations.crossplane\.io/usage-details + name: DETAILS + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + A Usage defines a deletion blocking relationship between two resources. + + Usages prevent accidental deletion of a single resource or deletion of + resources with dependent resources. + + Read the Crossplane documentation for + [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: UsageSpec defines the desired state of Usage. + properties: + by: + description: By is the resource that is "using the other resource". + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + resourceRef: + description: Reference to the resource. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + resourceSelector: + description: |- + Selector to the resource. + This field will be ignored if ResourceRef is set. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + type: object + type: object + x-kubernetes-validations: + - message: either a resource reference or a resource selector should + be set. + rule: has(self.resourceRef) || has(self.resourceSelector) + of: + description: Of is the resource that is "being used". + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + resourceRef: + description: Reference to the resource. + properties: + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent. + type: string + required: + - name + type: object + resourceSelector: + description: |- + Selector to the resource. + This field will be ignored if ResourceRef is set. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + namespace: + description: |- + Namespace ensures an object in the supplied namespace is selected. + Omit namespace to only match resources in the Usage's namespace. + type: string + type: object + type: object + x-kubernetes-validations: + - message: either a resource reference or a resource selector should + be set. + rule: has(self.resourceRef) || has(self.resourceSelector) + reason: + description: Reason is the reason for blocking deletion of the resource. + type: string + replayDeletion: + description: ReplayDeletion will trigger a deletion on the used resource + during the deletion of the usage itself, if it was attempted to + be deleted at least once. + type: boolean + required: + - of + type: object + x-kubernetes-validations: + - message: either "spec.by" or "spec.reason" must be specified. + rule: has(self.by) || has(self.reason) + status: + description: UsageStatus defines the observed state of Usage. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/content/master/api/crds/secrets.crossplane.io_storeconfigs.yaml b/content/master/api/crds/secrets.crossplane.io_storeconfigs.yaml deleted file mode 100644 index 31e23b8c..00000000 --- a/content/master/api/crds/secrets.crossplane.io_storeconfigs.yaml +++ /dev/null @@ -1,172 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - name: storeconfigs.secrets.crossplane.io -spec: - group: secrets.crossplane.io - names: - categories: - - crossplane - - store - kind: StoreConfig - listKind: StoreConfigList - plural: storeconfigs - singular: storeconfig - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - jsonPath: .spec.type - name: TYPE - type: string - - jsonPath: .spec.defaultScope - name: DEFAULT-SCOPE - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - A StoreConfig configures how Crossplane controllers should store connection - details in an external secret store. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: A StoreConfigSpec defines the desired state of a StoreConfig. - properties: - defaultScope: - description: |- - DefaultScope used for scoping secrets for "cluster-scoped" resources. - If store type is "Kubernetes", this would mean the default namespace to - store connection secrets for cluster scoped resources. - In case of "Vault", this would be used as the default parent path. - Typically, should be set as Crossplane installation namespace. - type: string - kubernetes: - description: |- - Kubernetes configures a Kubernetes secret store. - If the "type" is "Kubernetes" but no config provided, in cluster config - will be used. - properties: - auth: - description: Credentials used to connect to the Kubernetes API. - properties: - env: - description: |- - Env is a reference to an environment variable that contains credentials - that must be used to connect to the provider. - properties: - name: - description: Name is the name of an environment variable. - type: string - required: - - name - type: object - fs: - description: |- - Fs is a reference to a filesystem location that contains credentials that - must be used to connect to the provider. - properties: - path: - description: Path is a filesystem path. - type: string - required: - - path - type: object - secretRef: - description: |- - A SecretRef is a reference to a secret key that contains the credentials - that must be used to connect to the provider. - properties: - key: - description: The key to select. - type: string - name: - description: Name of the secret. - type: string - namespace: - description: Namespace of the secret. - type: string - required: - - key - - name - - namespace - type: object - source: - description: Source of the credentials. - enum: - - None - - Secret - - Environment - - Filesystem - type: string - required: - - source - type: object - required: - - auth - type: object - plugin: - description: Plugin configures External secret store as a plugin. - properties: - configRef: - description: ConfigRef contains store config reference info. - properties: - apiVersion: - description: APIVersion of the referenced config. - type: string - kind: - description: Kind of the referenced config. - type: string - name: - description: Name of the referenced config. - type: string - required: - - apiVersion - - kind - - name - type: object - endpoint: - description: Endpoint is the endpoint of the gRPC server. - type: string - type: object - type: - default: Kubernetes - description: |- - Type configures which secret store to be used. Only the configuration - block for this store will be used and others will be ignored if provided. - Default is Kubernetes. - enum: - - Kubernetes - - Vault - - Plugin - type: string - required: - - defaultScope - type: object - required: - - spec - type: object - served: true - storage: true - subresources: {} diff --git a/content/master/cli/_index.md b/content/master/cli/_index.md index b6f2e6ec..3db4237e 100644 --- a/content/master/cli/_index.md +++ b/content/master/cli/_index.md @@ -17,17 +17,17 @@ The Crossplane CLI includes: The Crossplane CLI is a single standalone binary with no external dependencies. {{}} -Install the Crossplane CLI on a user's computer. +Install the Crossplane CLI on a user's computer. -Most Crossplane CLI commands are independent of Kubernetes and +Most Crossplane CLI commands are independent of Kubernetes and don't require access to a Crossplane pod. -{{< /hint >}} +{{< /hint >}} To download the latest version for your CPU architecture with the Crossplane install script. ```shell -curl -sL "https://raw.githubusercontent.com/crossplane/crossplane/main/install.sh" | sh +curl -sL "https://raw.githubusercontent.com/crossplane/crossplane/main/install.sh" | XP_CHANNEL=preview sh ``` [The script](https://raw.githubusercontent.com/crossplane/crossplane/main/install.sh) @@ -35,13 +35,13 @@ detects your CPU architecture and downloads the latest stable release. {{}} -If you don't want to run shell script you can manually download a binary from -the Crossplane releases repository at +If you don't want to run shell script you can manually download a binary from +the Crossplane releases repository at https://releases.crossplane.io/stable/current/bin {{}} -The CLI is named `crank` in the release repository. Download this file. +The CLI is named `crank` in the release repository. Download this file. The `crossplane` binary is the Kubernetes Crossplane pod image. @@ -53,29 +53,12 @@ Move the binary to a location in your `$PATH`, for example `/usr/local/bin`. ### Download other CLI versions Download different Crossplane CLI versions or different release branches with -the `XP_CHANNEL` and `XP_VERSION` environmental variables. +the `XP_CHANNEL` and `XP_VERSION` environmental variables. -By default the CLI installs from the `XP_CHANNEL` named `stable` and the +By default the CLI installs from the `XP_CHANNEL` named `stable` and the `XP_VERSION` of `current`, matching the most recent stable release. -For example, to install CLI version `v1.14.0` add `XP_VERSION=v1.14.0` to the -download script curl command: +For example, to install CLI version `v1.14.0` add `XP_VERSION=v1.14.0` to the +download script curl command: -`curl -sL "https://raw.githubusercontent.com/crossplane/crossplane/main/install.sh" | XP_VERSION=v1.14.0 sh` - -## Installing shell autocompletions - -The Crossplane CLI supports shell autocompletions for `bash`, `zsh` and `fish`. -You can install the autocompletions with the `completions` command by adding it to -your shell's configuration file. - -```shell -source <(crossplane completions) -``` - -{{}} -The `completions` command generates the autocompletions for your default shell. -It's not possible to generate autocompletions for a different shell, if you want to -install the autocompletions for a different shell, you have to configure the Crossplane -CLI as the completer manually. -{{< /hint >}} +`curl -sL "https://raw.githubusercontent.com/crossplane/crossplane/main/install.sh" | XP_VERSION=v1.14.0 sh` \ No newline at end of file diff --git a/content/master/cli/command-reference.md b/content/master/cli/command-reference.md index 7e442888..9bf35e95 100644 --- a/content/master/cli/command-reference.md +++ b/content/master/cli/command-reference.md @@ -38,8 +38,8 @@ Server Version: v1.17.0 ## render The `crossplane render` command previews the output of a -[composite resource]({{}}) after applying -any [composition functions]({{}}). +[composite resource]({{}}) after applying +any [composition functions]({{}}). {{< hint "important" >}} The `crossplane render` command requires you to use composition functions. @@ -178,7 +178,7 @@ built-in support in [function-go-templating](https://github.com/crossplane-contr ## xpkg The `crossplane xpkg` commands create, install and update Crossplane -[packages]({{}}) as well as enable authentication +[packages]({{}}) as well as enable authentication and publishing of Crossplane packages to a Crossplane package registry. ### xpkg build @@ -193,9 +193,9 @@ The CLI applies the required annotations and values to meet the [Crossplane XPKG specification](https://github.com/crossplane/crossplane/blob/main/contributing/specifications/xpkg.md). The `crossplane` CLI supports building -[configuration]({{< ref "../concepts/packages" >}}), -[function]({{}}) and -[provider]({{}}) package types. +[configuration]({{< ref "../packages/configurations" >}}), +[function]({{}}) and +[provider]({{}}) package types. #### Flags @@ -270,9 +270,9 @@ with the command The `` input isn't used. Crossplane reserves the `` for future releases. The `